Managed Sentinel – Alert 234
|Alert Name||Network sniffing applications detected|
|Description||An adversary may place a network interface into promiscuous mode to passively access data in transit over the network, or use SPAN ports to capture a larger amount of data.|
|Threat Indicator||Improper Usage|
|MITRE ATT&CK Tactics||Discovery|
|False Positives||Approved vulnerability scans; penetration testing activity|
|Recommendations||1. Ensure that all wired and/or wireless traffic is encrypted appropriately. 2. Use best practices for authentication protocols, such as Kerberos, and ensure web traffic that may contain credentials is protected by SSL/TLS. 3. Use multi-factor authentication wherever possible.|