Arp Poisoning
Multiple changes of the MAC address for a specific IP were detected in a short period of time - this pattern is typical for ARP poisioning attack attempt
ID Number
9000012
Signature
-
MITRE ATT&CK Technique
-
Severity
medium
Recommendations/Investigative actions
Identify the asset call the POC (Point of Contact) at the site and ask if some kind of activity was performed or he is aware for a network bug. In addition, look for a relevant cyber attack rules at the same time, it can be an attampt of the attacker to performe an Arp Poisoning attack