Detect IPv6 Network Infrastructure Threats

Splunk Security Content

Summary
This detection rule identifies potential threats to IPv6 network infrastructure by analyzing logs from Cisco network devices that implement First Hop Security mechanisms such as RA Guard, DHCP Guard, and device tracking. It focuses on suspicious activity, including IP and MAC address theft and packet drops, which may indicate attempts to compromise network security and integrity. If confirmed, such activity could lead to unauthorized access, data interception, or disruption of network services. The analytic uses a Splunk Search Processing Language (SPL) query to parse the Cisco device logs, aggregating suspicious events and summarizing relevant fields such as source and destination IP addresses and MAC addresses. The rule applies to environments that use Cisco's First Hop Security features; it has experimental status and belongs to a set of detections specific to IPv6 network threats.
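As an added example that is not part of the Splunk rule, the following Python prototype shows the parse-and-aggregate step the summary describes: it pulls suspicious SISF (First Hop Security) events out of constructed Cisco-style syslog lines and groups them by device and event type, collecting the MAC, IPv6 and interface fields. The syslog field layout, the facility name and the mnemonic set are assumptions, not values taken from the rule.

```python
import re
from collections import defaultdict

# Assumed SISF mnemonics for the activity the rule summary names: address theft and policy drops.
SUSPICIOUS = {"IP_THEFT", "MAC_THEFT", "MAC_AND_IP_THEFT", "PAK_DROP"}

LINE_RE = re.compile(r"(?P<host>\S+): %(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z_]+): (?P<msg>.*)")
MAC_RE = re.compile(r"\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b", re.I)
IPV6_RE = re.compile(r"\b(?:[0-9a-f]{0,4}:){2,7}[0-9a-f]{1,4}\b", re.I)
IFACE_RE = re.compile(r"\b(?:Gi|Te|Fa)\d+(?:/\d+)+\b")

# Constructed sample lines in the style of Cisco IOS syslog; the field layout is assumed.
SAMPLE_LOGS = """\
Nov 15 10:01:02 sw-core1: %SISF-4-IP_THEFT: IP Theft A=FE80::1 V=10 I=Gi1/0/5 M=aabb.cc00.0100 New=Gi1/0/7 aabb.cc00.0200
Nov 15 10:01:05 sw-core1: %SISF-4-MAC_THEFT: MAC Theft IP=2001:DB8::10 VLAN=10 MAC=aabb.cc00.0300 New I/F=Gi1/0/9
Nov 15 10:01:09 sw-core1: %SISF-4-PAK_DROP: Message type RA is dropped on Gi1/0/7 vlan 10 from aabb.cc00.0200 Reason: RA Guard policy
Nov 15 10:01:12 sw-core1: %SISF-4-PAK_DROP: Message type RA is dropped on Gi1/0/7 vlan 10 from aabb.cc00.0200 Reason: RA Guard policy
Nov 15 10:01:20 sw-core1: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to up
"""


def parse_line(line):
    """Return the parsed fields for a suspicious SISF event, else None."""
    m = LINE_RE.search(line)
    if not m or m.group("facility") != "SISF" or m.group("mnemonic") not in SUSPICIOUS:
        return None
    msg = m.group("msg")  # only the free-text part is scanned, so timestamps never look like IPv6
    return {
        "host": m.group("host"),
        "mnemonic": m.group("mnemonic"),
        "macs": sorted(set(x.lower() for x in MAC_RE.findall(msg))),
        "ips": sorted(set(x.lower() for x in IPV6_RE.findall(msg))),
        "ifaces": sorted(set(IFACE_RE.findall(msg))),
    }


def summarize(log_text):
    """Aggregate suspicious events per (host, mnemonic), the way the rule's stats step would."""
    groups = defaultdict(lambda: {"count": 0, "macs": set(), "ips": set(), "ifaces": set()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # benign or unparseable line, e.g. the LINK-3-UPDOWN sample
        g = groups[(ev["host"], ev["mnemonic"])]
        g["count"] += 1
        for k in ("macs", "ips", "ifaces"):
            g[k].update(ev[k])
    return {key: {k: (v if k == "count" else sorted(v)) for k, v in g.items()}
            for key, g in groups.items()}
```

Running `summarize(SAMPLE_LOGS)` yields three groups, with the two RA Guard drops from the same MAC on Gi1/0/7 collapsed into one PAK_DROP row with count 2.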
Categories
  • Network
Data Sources
  • Network Traffic
  • Application Log
ATT&CK Techniques
  • T1200
  • T1498
  • T1557
  • T1557.002
Created: 2024-11-15