This event detects a route table change.
Why this Event is Important
A route table is one of the key components in networking. Route table change events can be used to detect the route that packets take in a network to reach a certain destination. Sometimes this may indicate a DOS (Denial Of Service) or DDOS (Distributed Denial Of Service) where an attacker might try to forward the network traffic to a malicious gateway, causing loss of availability.
Analyze the logs to find any unauthorized route changes. If you have any WAFs (Web Application Firewalls), review the rules and modify the ones that increase exposure.
Ensure that all allowed routes are documented and that these changes are made by authorized personnel.