Outbound traffic over SMB requiring investigation
Description
AlphaSOC detected suspicious outbound Server Message Block (SMB) traffic. SMB is typically used for file sharing and printer services within internal networks. Threat actors often use OSI application layer protocols such as SMB to exfiltrate data from compromised systems or to communicate with systems under their control within a victim's network, blending in with existing traffic to avoid detection.
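A triage check of the kind described above, as an added example that is not AlphaSOC's detection logic: it scans flow records for SMB connections from internal hosts to external addresses and totals the bytes sent per source and destination pair. The CSV layout, the internal address ranges and the sample records are assumptions made for this example; TCP ports 445 and 139 are the standard SMB and NetBIOS session ports.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: address space treated as internal; adjust to the local network plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed sample flow records (documentation address ranges), not real telemetry.
SAMPLE_FLOWS = """ts,src,dst,dport,proto,bytes_out
2024-01-01T10:00:00Z,10.1.2.15,10.1.0.5,445,tcp,52000
2024-01-01T10:01:10Z,10.1.2.15,203.0.113.40,445,tcp,1048576
2024-01-01T10:01:40Z,10.1.2.15,203.0.113.40,445,tcp,2097152
2024-01-01T10:02:05Z,10.1.2.33,198.51.100.7,443,tcp,9000
2024-01-01T10:03:30Z,10.1.2.33,2001:db8::50,139,tcp,400
2024-01-01T10:04:00Z,10.1.2.40,not-an-ip,445,tcp,10
"""

def is_internal(addr):
    """True if addr falls in one of INTERNAL_NETS; raises ValueError if unparsable."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)

def outbound_smb(flow_csv):
    """Return (src, dst, flows, bytes_out) for SMB flows leaving the internal network."""
    totals = defaultdict(lambda: {"flows": 0, "bytes_out": 0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            if int(row["dport"]) not in SMB_PORTS or row["proto"].lower() != "tcp":
                continue
            # Internal-to-internal SMB is normal file sharing; keep only external peers.
            if not is_internal(row["src"]) or is_internal(row["dst"]):
                continue
            nbytes = int(row["bytes_out"])
        except ValueError:
            continue  # skip malformed records rather than abort the run
        key = (row["src"], row["dst"])
        totals[key]["flows"] += 1
        totals[key]["bytes_out"] += nbytes
    # Largest outbound volume first, since exfiltration is the main concern.
    return sorted(((s, d, v["flows"], v["bytes_out"]) for (s, d), v in totals.items()),
                  key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for src, dst, flows, nbytes in outbound_smb(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {flows} flow(s), {nbytes} bytes out")
```

Pairs at the top of the result are the first candidates for host-level investigation of the source system.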