Rule Category

NETBIOS -- Snort has flagged on traffic on the netbios protocol, which is used to share files across a local network.

Alert Message

NETBIOS NT QUERY SECURITY DESC flowbit

Rule Explanation

This rule does not generate an event. It is used in conjunction with other rules to either reduce the possibility of false positives from occurring or to track the state of a connection. Impact: None. Details: This rule does not generate an event. It is used in conjunction with other rules to either reduce the possibility of false positives from occurring or to track the state of a connection. This rule is used by the sid(s) . Ease of Attack: NA

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Rule Vulnerability

CVE Additional Information