Triggers when a remote public SBM connection has been found

Query Information

Description

Defender XDR

DeviceNetworkEvents
| where RemoteIPType == "Public"
| where RemotePort == 445
| where ActionType == "ConnectionSuccess"
| project-reorder Timestamp, DeviceName, RemoteIP

Sentinel

DeviceNetworkEvents
| where RemoteIPType == "Public"
| where RemotePort == 445
| where ActionType == "ConnectionSuccess"
| project-reorder TimeGenerated, DeviceName, RemoteIP

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RemoteSMBConnection.md

RemoteSMBConnection.md

Triggers when a remote public SBM connection has been found

Query Information

Description

Defender XDR

Sentinel

Files

RemoteSMBConnection.md

Latest commit

History

RemoteSMBConnection.md

File metadata and controls

Triggers when a remote public SBM connection has been found

Query Information

Description

Defender XDR

Sentinel