Network Share

A storage resource (typically a folder or drive) made available from one host to others using network protocols, such as Server Message Block (SMB) or Network File System (NFS).[1]

ID: DS0033
Platforms: Linux, Windows, macOS
Collection Layer: Host
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 30 March 2022

Data Components

Network Share: Network Share Access

Opening a network share, which makes the contents available to the requestor (e.g., Windows EID 5140 or 5145).

| Domain | ID | Name | Detects |
|---|---|---|---|
| Enterprise | T1039 | Data from Network Shared Drive | Monitor for unexpected and abnormal accesses to network shares. |
| Enterprise | T1570 | Lateral Tool Transfer | Monitor for unexpected network share access, such as files transferred between shares within a network using protocols such as SMB. |
| Enterprise | T1021 | Remote Services | Monitor interactions with network shares, such as reads or file transfers, using remote services such as Server Message Block (SMB). |
| | .002 | SMB/Windows Admin Shares | Monitor interactions with network shares, such as reads or file transfers, using Server Message Block (SMB). |
| ICS | T0886 | Remote Services | |
| Enterprise | T1080 | Taint Shared Content | Monitor for unexpected and abnormal accesses to network shares, especially those also associated with file activity. |
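
One way to act on the guidance above, shown as an added example rather than ATT&CK or CTID code: it compares Windows share-access events (EID 5140 and 5145) against a baseline of previously seen account, source and share combinations. The baseline approach, the dictionary record layout and all sample records are assumptions made for illustration; the field names follow the Windows Security event schema.

```python
# Added example, not ATT&CK code. Field names follow Windows Security events
# 5140/5145; every record below is constructed sample data.
WRITE_BITS = 0x2 | 0x4  # FILE_WRITE_DATA | FILE_APPEND_DATA
SHARE_EVENTS = (5140, 5145)

def share_key(event):
    """Normalise to (account, source IP, share) for baseline comparison."""
    share = event["ShareName"].rsplit("\\", 1)[-1].upper()
    return (event["SubjectUserName"].lower(), event["IpAddress"], share)

def is_admin_share(share):
    """ADMIN$ or a hidden drive share such as C$."""
    return share == "ADMIN$" or (len(share) == 2 and share[0].isalpha() and share[1] == "$")

def build_baseline(history):
    return {share_key(e) for e in history if e["EventID"] in SHARE_EVENTS}

def triage(events, baseline):
    """Map each share access absent from the baseline to the reasons it stands out."""
    findings = {}
    for e in events:
        if e["EventID"] not in SHARE_EVENTS:
            continue
        key = share_key(e)
        if key in baseline:
            continue
        reasons = findings.setdefault(key, [])
        if is_admin_share(key[2]) and "administrative share" not in reasons:
            reasons.append("administrative share")
        # 5145 adds per-file detail; a write bit can indicate a file transfer.
        mask = int(e.get("AccessMask", "0x0"), 16)
        if e["EventID"] == 5145 and mask & WRITE_BITS:
            reasons.append("write to " + e.get("RelativeTargetName", "?"))
    return findings

HISTORY = [  # constructed: accesses considered normal for this environment
    {"EventID": 5140, "SubjectUserName": "Alice", "IpAddress": "10.0.0.21", "ShareName": r"\\*\Finance"},
    {"EventID": 5140, "SubjectUserName": "svc_backup", "IpAddress": "10.0.0.5", "ShareName": r"\\*\C$"},
]
EVENTS = [  # constructed: new events to triage
    {"EventID": 5140, "SubjectUserName": "alice", "IpAddress": "10.0.0.21", "ShareName": r"\\*\Finance"},
    {"EventID": 5140, "SubjectUserName": "svc_backup", "IpAddress": "10.0.0.5", "ShareName": r"\\*\C$"},
    {"EventID": 5140, "SubjectUserName": "alice", "IpAddress": "10.0.0.37", "ShareName": r"\\*\ADMIN$", "AccessMask": "0x1"},
    {"EventID": 5145, "SubjectUserName": "alice", "IpAddress": "10.0.0.37", "ShareName": r"\\*\ADMIN$",
     "RelativeTargetName": "example.bin", "AccessMask": "0x2"},
    {"EventID": 4624, "SubjectUserName": "alice", "IpAddress": "10.0.0.37"},
]

if __name__ == "__main__":
    for key, reasons in triage(EVENTS, build_baseline(HISTORY)).items():
        print(key, reasons)
```
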

References