Managed Sentinel – Alert 151
Alert ID | MS-A151 |
Alert Name | Admin authentication failure detected on firewall - Cisco ASA |
Description | This alert triggers when an administrator fails to log in to the firewall admin console, either via the GUI or the command shell. |
Severity Level | Low |
Threat Indicator | Root Access |
MITRE ATT&CK Tactics | Credential Access, Lateral Movement |
Log sources | Firewall Status/Health Logs |
False Positives | Penetration Tests |
Recommendations | 1. Change the admin/root/administrator account password 2. Log in to the firewall console and review the change history 3. Block the IP address that requested console access 4. Consider disabling management access from the untrust zones (best practice) |