SecurityHive

Some customers of SecurityHive reported detections on their SMB sensors with random timestamps. After investigating this issue together with a customer, we discovered Microsoft Advanced Threat Analytics may be searching your network.

The software of Microsoft requires port 445 to be open on devices. It will ping the ports and gather information when possible. This may also trigger your Honeypot.

Exclude the Honeypot from the software or whitelist the source in the SecurityHive Portal. Whitelisting can make your Honeypot blind for an attacker which uses the source IP+Port.

More information about excluding in Microsoft ATA: <a href="https://docs.microsoft.com/en-us/advanced-threat-analytics/excluding-entities-from-detections" rel="nofollow noopener noreferrer" target="_blank">https://docs.microsoft.com/en-us/advanced-threat-analytics/excluding-entities-from-detections</a>

Are you receiving random connections on SMB which you can't clarify? It may be Microsoft Advanced Threat Analytics searching your network.

Random connections on SMB

Dashboard

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you