smb_brute_external_internal
Explanation
This event is triggered by Netography's Fusion Portal when it detects a brute force password guessing attack against SMB. SMB is the Microsoft Windows File Sharing protocol, also known as Server Message Block. This event specifically looks for activity from the Internet toward Internet facing Windows servers on your network.
What to Look For
Under most circumstances Windows SMB file sharing should not be directly exposed to the Internet. Ensure that strong passwords are in use to prevent successful attacks. Check network logs for additional information and review endpoint security to ensure that sensitive information is secure.
Related MITRE ATT&CK Categories
Updated about 1 month ago