Detect Arp Poisoning


By enabling Dynamic ARP Inspection as a Layer 2 Security measure on the organization's network devices, we will be able to detect ARP Poisoning attacks in the Infrastructure.


Detect Arp Poisoning Help

This search uses a standard SPL query on logs from Cisco Network devices. The network devices must be configured with DHCP Snooping (see and Dynamic ARP Inspection (see and log with a severity level of minimum "5 - notification". The search also requires that the Cisco Networks Add-on for Splunk ( is used to parse the logs from the Cisco network devices.


Open in Search