0 Replies Latest reply on Aug 2, 2017 7:58 AM by epouch

    MAR/TIE  to look for possible SMB events and unauthorized powershell usage.

    epouch

      SMB, the Server Message Block protocol, which is a network file sharing protocol used extensively in Windows.  We’re looking to see how much we can get out of MAR/TIE and leverage it to look for possible SMB events and even some unauthorized powershell usage. I am still figuring out what capabilities MAR/TIE have.