I need a solution
Hello,
Recently we have been observing events related to SMB bruteforce in the environment. I'm not sure what it indicates. I checked the Symantec documentation. The event severity is low, but there is no clarity as to what kind of activity this event indicates. If anyone has more understanding of this, please share your views.
[SID: 30429] Audit: SMB Bruteforce Attempt attack blocked. Traffic has been blocked for this application: SYSTEM,
Local: XX.XX.XX.XX,
Local: 000000000000,
Remote: ,
Remote: XX.XX.XX.XX,
Remote: 000000000000,
Inbound,TCP,
Intrusion ID: 0,
Begin: 2017-12-07 10:41:36,
End: 2017-12-07 10:41:36,
Occurrences: 1,
Application: SYSTEM,
Location: Default,
User: XXXX,
Domain: XX,
Local Port 63283,
Remote Port 445,
CIDS Signature ID: 30429,
CIDS Signature string: Audit: SMB Bruteforce Attempt,
CIDS Signature SubID: 76406,
Intrusion URL: ,
Intrusion Payload URL:
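One way to triage events in the format quoted above, added here as an example and not part of the original post or of Symantec's tooling: it parses the comma-separated fields and, treating TCP 445 as the SMB server end of the connection, tallies occurrences per client/server pair. The function names and the sample addresses are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the quoted event's layout; IPs are RFC 5737 documentation addresses.
SAMPLE = """[SID: 30429] Audit: SMB Bruteforce Attempt attack blocked. Traffic has been blocked for this application: SYSTEM,
Local: 192.0.2.10,
Local: 000000000000,
Remote: ,
Remote: 198.51.100.7,
Remote: 000000000000,
Inbound,TCP,
Begin: 2017-12-07 10:41:36,
Occurrences: 1,
Local Port 63283,
Remote Port 445"""

def first_ip(values):
    # "Local:"/"Remote:" repeat (hostname, IP, MAC); keep the IPv4 address.
    return next((v for v in values if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", v)), None)

def parse_event(text):
    # The first comma-separated field is the "[SID: n] <signature> attack blocked" header.
    header, _, rest = text.partition(",")
    m = re.match(r"\[SID: (\d+)\] (.+?) attack blocked", header.strip())
    if not m:
        raise ValueError("not an event in the expected layout")
    ev = {"sid": int(m.group(1)), "signature": m.group(2)}
    multi = {}
    for field in (f.strip() for f in rest.split(",")):
        port = re.fullmatch(r"(Local|Remote) Port (\d+)", field)
        if port:  # port fields carry no colon
            ev[port.group(1).lower() + "_port"] = int(port.group(2))
        elif ":" in field:
            key, _, val = field.partition(":")
            multi.setdefault(key.strip(), []).append(val.strip())
    ev["local_ip"] = first_ip(multi.get("Local", []))
    ev["remote_ip"] = first_ip(multi.get("Remote", []))
    ev["occurrences"] = int(multi.get("Occurrences", ["1"])[0])
    return ev

def tally(events):
    # TCP 445 marks the SMB server end; sum occurrences per (client, server).
    counts = Counter()
    for ev in events:
        if ev.get("remote_port") == 445:
            counts[(ev["local_ip"], ev["remote_ip"])] += ev["occurrences"]
        elif ev.get("local_port") == 445:
            counts[(ev["remote_ip"], ev["local_ip"])] += ev["occurrences"]
    return counts
```

In the quoted event the remote port is 445 and the local port is ephemeral, so `tally` would list the local machine as the client side of that SMB session.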