...
Questions |
Are any endpoints performing recon activities? | Security Findings → Port Scan; Security Findings → Address_Scan |
Are administrative tasks occurring from the non-admin subnets? | Discover → RPC Tab and SMB Mapping Tab → Query < |
Are users connecting to suspicious shares? | Discover → SMB Mapping → Suspicious SMB Shares |
Which hosts (whether inside or outside) communicate with servers most often? What communication is happening at unusual times? | Discover → Connection Analytics → Top Uploaders/Downloaders |
Are there files being transferred over SMB where the file type does not match the file name? | Discover → SMB Files → Query “ |
Which hosts are attempting to discover SMB shares? | Discover → SMB Mapping |
Which hosts are making multiple attempts at lateral movement? | Security Findings → Lateral Movement Detected |
Was any host targeted with lateral movement and execution? | Security Findings → Lateral Movement and Execution |
...