In recent years, exploits for SMB vulnerabilities such as Eternal Blue and Eternal Romance have been released and integrated into malware and attack frameworks. Exploits for NTLM vulnerabilities such as Rotten Potato have been integrated into tools like Juicy Potato, Mimikatz and Metasploit. While Cisco has been asking to their customers to apply vendor patches to protect themselves from these vulnerabilities, it was not providing any visibility into, or detection or prevention from these. Even if an enterprise is patched against these attacks, customers expect Cisco to detect an attempt. Therefore, the main challenge is to research how Cisco Secure Endpoint may detect network based attack against the endpoint or originating from it, while taking into account context, such as what local application is the source or destination of the network traffic.