port_445_scanning_outbound
Explanation
The port_445_scanning_outbound NDM detects SMB scanning (port 445) that is leaving the customer's network.
What to Look For
When examining a port_445_scanning_outbound event, investigate the possibly infected endpoints that are exhibiting outbound scanning activity on port 445. Check network traffic for suspicious activity on this port, and review endpoint logs for signs of malware or other security threats. Remediate any identified security issues as soon as possible to protect your network from further attacks.
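One way to triage flow records for the behaviour this event describes, as an added example (not the product's own detection logic): it flags internal hosts that contact many distinct external addresses on port 445 within a short window. The flow tuple layout, the internal address ranges, and the 60-second / 20-target thresholds are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: address space treated as "the customer's network".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def outbound_445_scanners(flows, window=60, min_targets=20):
    """Return {src: peak count of distinct external port-445 destinations
    contacted within any `window` seconds}, for sources >= min_targets."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == 445 and is_internal(src) and not is_internal(dst):
            per_src[src].append((ts, dst))
    hits = {}
    for src, events in per_src.items():
        events.sort()
        counts, left, peak = defaultdict(int), 0, 0
        for ts, dst in events:
            counts[dst] += 1
            # Slide the left edge until the span is at most `window` seconds.
            while ts - events[left][0] > window:
                old = events[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            peak = max(peak, len(counts))
        if peak >= min_targets:
            hits[src] = peak
    return hits

# Constructed sample flows: (epoch_seconds, src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = (
    # 10.0.5.23 sweeps 30 external addresses (documentation range) in 30 s.
    [(1000 + i, "10.0.5.23", f"198.51.100.{i + 1}", 445) for i in range(30)]
    # 10.0.5.40 talks to an internal file server: port 445, but not outbound.
    + [(1000 + i, "10.0.5.40", "10.0.1.10", 445) for i in range(30)]
    # 10.0.5.41 reaches one external SMB host: outbound, but not a scan.
    + [(1000 + i, "10.0.5.41", "203.0.113.7", 445) for i in range(5)]
    # 10.0.5.42 contacts many external hosts on 443: not port 445.
    + [(1000 + i, "10.0.5.42", f"198.51.100.{i + 1}", 443) for i in range(30)]
)

if __name__ == "__main__":
    print(outbound_445_scanners(SAMPLE_FLOWS))
```

Hosts returned by the function are the endpoints to prioritise for log review; a single external SMB destination or heavy internal SMB use does not trip it.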
Related MITRE ATT&CK Categories