Managed Sentinel – Alert 234
| Field | Value |
|---|---|
| Alert ID | MS-A234 |
| Alert Name | Network sniffing applications detected |
| Description | An adversary may place a network interface into promiscuous mode to passively access data in transit over the network, or use SPAN (port-mirroring) ports to capture a larger amount of traffic. |
| Severity Level | Low |
| Threat Indicator | Improper Usage |
| MITRE ATT&CK Tactics | Discovery, Credential Access |
| Log sources | Windows |
| False Positives | Approved vulnerability scans; penetration testing activity |
| Recommendations | 1. Ensure that all wired and wireless traffic is encrypted appropriately. 2. Follow best practices for authentication protocols, such as Kerberos, and ensure that web traffic which may carry credentials is protected by SSL/TLS. 3. Use multi-factor authentication wherever possible. |
