Commit 46ab910

updating links
1 parent 6734892 commit 46ab910

3 files changed

+21
-9
lines changed

detections/application/cisco_asa___core_syslog_message_volume_drop.yml

Lines changed: 6 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -38,8 +38,12 @@ known_false_positives: |
3838
references:
3939
- https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
4040
- https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
41-
- https://ciscovulnmgmtprod.service-now.com/psirt?id=advisory_preview&sysparm_sys_id=bd8313cb47a7ea10f61dfa74116d43d8
42-
- https://ciscovulnmgmtprod.service-now.com/psirt?id=advisory_preview&sysparm_sys_id=cf28925747636e10f61dfa74116d43d9
41+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
42+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
43+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
44+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
45+
- https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices
46+
- https://www.ncsc.gov.uk/news/persistent-malicious-targeting-cisco-devices
4347
tags:
4448
analytic_story:
4549
- ArcaneDoor
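
Review bot: new lines 42 and 44 of the references list add the same URL (cisco-sa-http-code-exec-WmfP3h3O) twice. The two removed service-now links carried different sysparm_sys_id values, so either drop the repeat or replace it with the advisory that was meant. This file also gets no version or date bump in this commit, unlike cisco_asa___logging_disabled_via_cli.yml; bump them here too for consistency.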

detections/application/cisco_asa___logging_disabled_via_cli.yml

Lines changed: 8 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -1,7 +1,7 @@
11
name: Cisco ASA - Logging Disabled via CLI
22
id: 7b4c9f3e-5a88-4b7b-9c4b-94d8e5d67201
3-
version: 1
4-
date: '2025-09-23'
3+
version: 2
4+
date: '2025-09-25'
55
author: Bhavin Patel, Micheal Haag, Splunk
66
status: production
77
type: TTP
@@ -38,8 +38,12 @@ known_false_positives: |
3838
references:
3939
- https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
4040
- https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
41-
- https://ciscovulnmgmtprod.service-now.com/psirt?id=advisory_preview&sysparm_sys_id=bd8313cb47a7ea10f61dfa74116d43d8
42-
- https://ciscovulnmgmtprod.service-now.com/psirt?id=advisory_preview&sysparm_sys_id=cf28925747636e10f61dfa74116d43d9
41+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
42+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
43+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
44+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
45+
- https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices
46+
- https://www.ncsc.gov.uk/news/persistent-malicious-targeting-cisco-devices
4347
drilldown_searches:
4448
- name: View the detection results for $host$
4549
search: '%original_detection_search% | search host = $host$'
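
Review bot: the reference added at new line 44 repeats the cisco-sa-http-code-exec-WmfP3h3O advisory already added at new line 42. Keep one entry so the list holds three distinct Cisco advisories plus the CISA and NCSC links. A lint step that rejects duplicate items under references would catch this before merge.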

stories/arcanedoor.yml

Lines changed: 7 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -1,6 +1,6 @@
11
name: ArcaneDoor
22
id: 7f2b9eac-0df5-4d0c-9e35-2b8fd552c9f1
3-
version: 1
3+
version: 2
44
date: '2025-09-23'
55
author: Bhavin Patel, Micheal Haag, Splunk
66
status: production
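
Review bot: version goes from 1 to 2 at line 3, but date on line 4 stays at '2025-09-23', while the logging-disabled detection in this same commit moves both version and date (to '2025-09-25'). Update date together with version so the story metadata reflects when it last changed.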
@@ -14,8 +14,12 @@ narrative: |
1414
references:
1515
- https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
1616
- https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
17-
- https://ciscovulnmgmtprod.service-now.com/psirt?id=advisory_preview&sysparm_sys_id=bd8313cb47a7ea10f61dfa74116d43d8
18-
- https://ciscovulnmgmtprod.service-now.com/psirt?id=advisory_preview&sysparm_sys_id=cf28925747636e10f61dfa74116d43d9
17+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
18+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
19+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
20+
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
21+
- https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices
22+
- https://www.ncsc.gov.uk/news/persistent-malicious-targeting-cisco-devices
1923
tags:
2024
category:
2125
- Adversary Tactics
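
Review bot: new lines 18 and 20 are the same URL (cisco-sa-http-code-exec-WmfP3h3O); remove the second. Since this hunk swaps the service-now advisory_preview links for public advisory pages, also confirm that each of the added sec.cloudapps.cisco.com, cisa.gov and ncsc.gov.uk URLs resolves before merging.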
