SMB1 Access Audit And Detection

Overview

Enables SMB1 access auditing if disabled and scans event logs for recent SMB1 access attempts (Event IDs 1001, 3000) within the last hour. Returns exit codes for detection or script failure.

Sample Run

Play Button > Run Automation > Script
SampleRun1

Dependencies

Solution - SMB1 Access Audit
Compound Condition - SMB1 Traffic Audit

Automation Setup/Import

Automation Configuration

Output

Activity Details

Changelog

2026-05-12

Updated the script to include the exit code feature for the Ninja to function properly during compound conditions script results check.

2025-10-29

Initial version of the document

Overview​

Sample Run​

Dependencies​

Automation Setup/Import​

Output​

Changelog​

2026-05-12​

2025-10-29​