Login
    Contents x
    Zeek SMB
    • 04 Nov 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    Zeek SMB

    • Updated on 04 Nov 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    Zeek's SMB logs provide visibility into SMB (Server Message Block) traffic, capturing details about file shares, authentication, and command execution on a network. They include:

    • smb.log: Summarizes SMB session info, including commands and status.

    • smb_files.log: Tracks file access details (e.g., file name, path, action).

    • smb_mapping.log: Logs SMB share mappings, showing shared resources accessed.

    • smb_cmd.log: Records specific SMB commands executed.

    • dce_rpc.log: Logs RPC calls over SMB, useful for monitoring remote procedure calls.

    • ntlm.log: Captures NTLM authentication attempts, indicating user authentication data.

    • kerberos.log: Tracks Kerberos authentication events, providing insight into domain logins.

    These logs are essential for detecting suspicious SMB activity, such as unauthorized access or lateral movement.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence