F018Inconclusivevalidator: blocked
SMB connection to external host 172.16.7.15 port 445
172.16.7.15:445
Analyst narrative
Established TCP connection from local system 172.16.6.11 to 172.16.7.15:445 (SMB) with no owning process. Indicates lateral movement via SMB share access or file sharing exploitation.
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.
Source tools
vol_netscan