Rule Library

Sigma Rules

1 rule found for "Mohamed Abdelghani"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Unsigned or Unencrypted SMB Connection to Share Established

Detects SMB server connections to shares without signing or encryption enabled. This could indicate potential lateral movement activity using unsecured SMB shares.

Windowssmbserver-connectivity

TA0008 · Lateral MovementT1021.002 · SMB/Windows Admin Shares

Mohamed AbdelghaniSun Oct 19windows