SMB1 alerting

  • 1
  • Idea
  • Updated 2 days ago
  • (Edited)
Alerts make sense when SMB1 traffic is unexpected. If you see SMB1 traffic in reports, then there is probably no point to send emails with alerts. 

If required, here are the steps you can take to disable SMB1 alerting:

The marked signatures page can be accessed directly @
https://x.x.x.x/ids/marked.cgi

Click 'Delete' to delete the SMB alert 'Windows Network File Access (SMB1)'

Instead of facing a flood of emails, you can refer to the report Ransomware: Wannacry SMBv1 at the following page https://x.x.x.x/netmon/view.cgi?rid=507 to check for any file server using the SMB1 file share protocol which may be vulnerable to a Ransomware attack. 
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 393 Posts
  • 8 Reply Likes

Posted 2 years ago

  • 1
Photo of Luika Community Investments.

Luika Community Investments.

  • 1 Post
  • 0 Reply Likes

There was an error inaugural your copier. Printing purposes will not be obtainable until you have designated a printer and revived any leaflets. Visit this word: Hardwood Charcoal Supplier