Managed Sentinel – Alert 019

Alert IDMS-A019
Alert NameNetwork switch failed authentication
DescriptionThis alerts identifies network switches failed authentication.
Severity LevelMedium
Threat IndicatorRoot Access
MITRE ATT&CK TacticsCredential Access
Log sourcesNetwork Switches (Syslog)
False PositivesApproved pen tests
Recommendations1. Change admin/root/administrator account password
2. Login into the switch console and review change history
3. Block IP address which requested the console access via the perimeter firewall
4. Investigate the possibility to use MFA for console access