SMB1 Traffic Audit
Summary
This Compound Condition creates an alert on servers that have the SMB1 protocol enabled and on which SMB1 access attempts (Event IDs 1001, 3000) were detected within the last hour.
Details
- Name: SMB1 Traffic Audit
- Description: This Compound Condition creates an alert on servers that have the SMB1 protocol enabled and on which SMB1 access attempts (Event IDs 1001, 3000) were detected within the last hour.
- Recommended Agent Policies: Windows Server
Dependencies
Solution - SMB1 Access Audit
Automation - SMB1 Access Audit And Detection