Environment
- EDR (formerly Carbon Black Response): All supported versions
Question
Can Lateral Movement activities be detected with existing threat reports?
Answer
Yes, the "Lateral Movement - File Write to SMB Admin Shares" report has been added to the Bit9EndpointVisibility and Bit9AdvancedThreats feeds.
Additional Notes
If assistance is required to create custom watchlists or to modify the existing "Lateral Movement - File Write to SMB Admin Shares" report to suit the environment, options are
- Post questions in the Threat Research space in the UEX
- Request Professional Services with the help of CSM.
Related Content