- Threat Encyclopedia
- Network Content Inspection Rules
- DDI RULE 4479
NTLM v1 Authentication - SMB (Request)
Attack Phase: Point of Entry or Lateral Movement
Protocol: SMB/SMB2
Risk Type: OTHERS
(Note: OTHERS can be network connections related to hacking attempts, exploits, connections done by grayware, or suspicious traffic.)
Threat Type: Suspicious Behavior
Confidence Level: Medium
Severity: Informational(Outbound)
DDI Default Rule Status: Disable
Behavior Indicator: Login Attempt
APT Related: YES