Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
---|---|---|---|---|---|---|
Tenable.io | Advanced Network Scan | Windows machines | Authenicated Scan | SMB | Interactive logins | Plugin ID: 161502 |
Tenable.io | Advanced Network Scan | Windows machines | Authenicated Scan | SMB | LLMNR Status | Plugin ID: 160301 |
Tenable.ad | Password Sync | Active Directory | Privileged AD User | RPC (135 + high ports) | User Password | Plugin ID: C-PASSWORD-HASHES-ANALYSIS |
Framework: MITRE ATT&CK
Family: Credential Access, Collection
Technique: Adversary-in-the-Middle
Sub-Technique: LLMNR/NBT-NS Poisoning and SMB Relay
Platform: Windows
Products Required: Tenable.io and Tenable.ad
Tenable Release Date: 2022 Q2