Managed Sentinel – Alert 032
| Alert ID | MS-A032 |
| --- | --- |
| Alert Name | Excessive Inbound Firewall Denies |
| Description | This is an outlier-type alert that fires when an excessive number of denied firewall requests come in from an untrusted zone. |
| Severity Level | Low |
| Threat Indicator | Denial of Service |
| MITRE ATT&CK Tactics | Persistence, Discovery, Collection |
| Log sources | Firewall Traffic Logs |
| False Positives | Vulnerability scans |
| Recommendations | This is an indicator of a targeted attack against one of the DMZ services. Engage the Internet Service Provider to add the originator IP address(es) to the blacklist. |
