SMB1 Access Audit And Detection

Overview

Enables SMB1 access auditing if disabled and scans event logs for recent SMB1 access attempts (Event IDs 1001, 3000) within the last hour. Returns exit codes for detection or script failure.

Sample Run

Play Button > Run Automation > Script
SampleRun1

Dependencies

Solution - SMB1 Access Audit
Compound Condition - SMB1 Traffic Audit

Automation Setup/Import

Automation Configuration

Output

Activity Details

Overview​

Sample Run​

Dependencies​

Automation Setup/Import​

Output​

Overview

Sample Run

Dependencies

Automation Setup/Import

Output