A storage resource (typically a folder or drive) made available from one host to others using network protocols, such as Server Message Block (SMB) or Network File System (NFS)[1]
Opening a network share, which makes the contents available to the requestor (ex: Windows EID 5140 or 5145)
Opening a network share, which makes the contents available to the requestor (ex: Windows EID 5140 or 5145)
| Domain | ID | Name | Detects | |
|---|---|---|---|---|
| Enterprise | T1039 | Data from Network Shared Drive |
Monitor for unexpected and abnormal accesses to network shares. |
|
| Enterprise | T1570 | Lateral Tool Transfer |
Monitor for unexpected network share access, such as files transferred between shares within a network using protocols such as SMB. |
|
| Enterprise | T1021 | Remote Services |
Monitor interactions with network shares, such as reads or file transfers, using remote services such as Server Message Block (SMB). |
|
| .002 | SMB/Windows Admin Shares |
Monitor interactions with network shares, such as reads or file transfers, using Server Message Block (SMB). |
||
| Enterprise | T1080 | Taint Shared Content |
Monitor for unexpected and abnormal accesses to network shares, especially those also associated with file activity. |
|