F022Suspiciousvalidator: blocked
Suspicious SMB connection from internal system to 172.16.6.14:445 in ESTABLISHED state
SMB connection to 172.16.6.14:445
Analyst narrative
TCP connection to 172.16.6.14:445 (SMB) from 172.16.6.11 in ESTABLISHED state suggests active SMB communication. Combined with other lateral movement indicators, suggests potential data theft or network reconnaissance.
Claims asserted
connection-
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.
Source tools
vol_netscan