SMB Traffic Spike

Description

This search looks for spikes in the number of Server Message Block (SMB) traffic connections.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Security Monitoring

Category

Ransomware

Alert Volume

This search looks for spikes in the number of Server Message Block (SMB) traffic connections.

SPL Difficulty

None

Journey

Stage 2

MITRE ATT&CK Tactics

Lateral Movement

MITRE ATT&CK Techniques

Remote Services

SMB/Windows Admin Shares

MITRE Threat Groups

APT3
APT32
APT39
Blue Mockingbird
Chimera
Deep Panda
FIN8
Ke3chang
Lazarus Group
Orangeworm
Threat Group-1314
Turla
Wizard Spider

Kill Chain Phases

Actions On Objectives

Data Sources

Network Communication

SMB Traffic Spike Help

This search requires you to be ingesting your network traffic logs and populating the Network_Traffic data model.
