port_445_scanning_outbound

Explanation

The port_445_scanning_outbound NDM is designed to detect SMB scanning on port 445 that is leaving the customer's network.

What to Look For

To examine the results of a port_445_scanning_outbound event, investigate the endpoints exhibiting outbound scanning activity on port 445 as possibly infected. Check network traffic for suspicious activity on this port, and review endpoint logs for signs of malware or other security threats. Remediate any identified security issues as soon as possible to protect your network from further attacks.
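
One way to triage the network-traffic check described above, added here as an example and not the NDM's own detection logic: it flags internal hosts that contact many distinct external addresses on port 445 within a short window. The flow tuple layout, the RFC 1918 internal ranges, the 60-second window and the threshold of 5 destinations are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for this example; tune them to the monitored environment.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW_SECONDS = 60        # sliding window length
MIN_DISTINCT_DESTS = 5     # distinct external hosts on 445 that count as scanning

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_outbound_445_scanners(flows):
    """flows: iterable of (epoch_seconds, src_ip, dst_ip, dst_port).
    Returns {src_ip: peak count of distinct external 445 destinations in one window}."""
    events = defaultdict(list)
    for ts, src, dst, dport in flows:
        # Only internal -> external traffic on 445 is relevant to this event.
        if dport == 445 and is_internal(src) and not is_internal(dst):
            events[src].append((ts, dst))
    flagged = {}
    for src, evts in events.items():
        evts.sort()
        start, peak = 0, 0
        for end in range(len(evts)):
            # Drop events that fell out of the window ending at evts[end].
            while evts[end][0] - evts[start][0] >= WINDOW_SECONDS:
                start += 1
            peak = max(peak, len({dst for _, dst in evts[start:end + 1]}))
        if peak >= MIN_DISTINCT_DESTS:
            flagged[src] = peak
    return flagged

# Constructed sample flows (documentation address ranges stand in for external hosts).
SAMPLE_FLOWS = (
    # Eight different external hosts on 445 in eight seconds: scanning pattern.
    [(t, "10.1.1.23", f"198.51.100.{t + 1}", 445) for t in range(8)]
    # Internal file server traffic: SMB, but never leaves the network.
    + [(t, "10.1.1.40", "10.1.1.5", 445) for t in range(20)]
    # Repeated sessions to one external host: outbound SMB, not a scan.
    + [(t, "10.1.1.50", "203.0.113.10", 445) for t in range(10)]
    # Many external hosts, but on 443.
    + [(t, "10.1.1.60", f"192.0.2.{t + 1}", 443) for t in range(6)]
    # Five external hosts on 445, spread 100 seconds apart: below the window threshold.
    + [(t * 100, "10.1.1.70", f"192.0.2.{t + 1}", 445) for t in range(5)]
)

if __name__ == "__main__":
    for host, count in find_outbound_445_scanners(SAMPLE_FLOWS).items():
        print(f"{host}: {count} distinct external hosts on 445 within {WINDOW_SECONDS}s")
```

Hosts returned by the function are the ones whose endpoint logs should be reviewed first; the single-destination and slow cases still represent outbound SMB and may warrant a separate look.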

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise

Active Scanning, Technique T1595 - Enterprise