F044Inconclusivevalidator: blocked
Established connection to 172.16.6.14:445 (SMB lateral movement)
SMB connection to 172.16.6.14:445
Analyst narrative
Network connection from 172.16.6.11:445 to 172.16.6.14:65368 in ESTABLISHED state, indicating active SMB communication with peer system. Candidate observation for lateral movement via SMB/file sharing. Fact_ids: network_connection_fact-0000099.
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.
Source tools
vol_netscan