Veritas
F019 · Suspicious · validator: blocked

Admin-share access to 172.16.5.26 / 172.16.10.12

Admin-share access to internal hosts (Lateral Movement)

Analyst narrative

Event log + network IOC facts show admin-share access to internal hosts 172.16.5.26 and 172.16.10.12. Candidates cand-0010/cand-0022.

Claims asserted

path event_log_fact-0026891

Proof chain · 0 facts

Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.

Source tools

extract_network_iocs · parse_event_logs