Hi,
Coming for help again. I am trying to track SMB traffic in my network, but specifically SMBv1 and v1.2, since they are both vulnerable.
I tried a few things in Splunk but can't seem to capture specific versions of SMB. Any help is great.