Rule Category

POLICY-OTHER

Alert Message

POLICY-OTHER SMBv1 protocol detection attempt

Rule Explanation

This event is generated when network traffic indicates that the SMBv1 protocol is being used.

Impact: Possible policy violation. The use of SMBv1 may be prohibited by corporate policy in some network environments.

Details: This event indicates that SMBv1 is being used on the protected network.

Ease of Attack: Simple.

What To Look For

This rule fires when SMBv1 is detected on the network.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos

Rule Groups

No rule groups

CVE

None

Additional Links

Rule Vulnerability

No information provided

CVE Additional Information

None

MITRE ATT&CK Framework

Tactic: Lateral Movement

Technique: Exploitation of Remote Services

For reference, see the MITRE ATT&CK framework: https://attack.mitre.org