Managed Sentinel – Alert 019
Alert ID | MS-A019 |
Alert Name | Network switch failed authentication |
Description | This alert identifies failed authentication attempts on network switches. |
Severity Level | Medium |
Threat Indicator | Root Access |
MITRE ATT&CK Tactics | Credential Access |
Log sources | Network Switches (Syslog) |
False Positives | Approved pen tests |
Recommendations | 1. Change the admin/root/administrator account password 2. Log in to the switch console and review the change history 3. At the perimeter firewall, block the IP address that requested console access 4. Investigate the possibility of using MFA for console access |