Managed Sentinel – Alert 234

Alert ID: MS-A234
Alert Name: Network sniffing applications detected
Description: An adversary may place a network interface into promiscuous mode to passively access data in transit over the network, or use span ports to capture a larger amount of data.
Severity Level: Low
Threat Indicator: Improper Usage
MITRE ATT&CK Tactics: Discovery; Credential Access
Log sources: Windows
False Positives: Approved vulnerability scans; Penetration testing activity
Recommendations:
1. Ensure that all wired and/or wireless traffic is encrypted appropriately.
2. Use best practices for authentication protocols, such as Kerberos, and ensure web traffic that may contain credentials is protected by SSL/TLS.
3. Use multi-factor authentication wherever possible.