NETBIOS -- Snort has flagged on traffic on the netbios protocol, which is used to share files across a local network.
NETBIOS SMB SESSION_SETUP subcommand detected
This event is generated when the SMB SESSION_SETUP subcommand is detected. Impact: Generic Protocol Command Decode Details: Ease of Attack:
This rule alerts when the SMB SESSION_SETUP subcommand is detected. This is sometimes a precursor to SMB vulnerability exploitation.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
Tactic: Lateral Movement
Technique: Exploitation of Remote Services
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org