Managed Sentinel – Alert 023
| Field | Value |
| --- | --- |
| Alert ID | MS-A023 |
| Alert Name | DNS commonly abused TLDs (Top Level Domains) |
| Description | Some top level domains (TLDs) are more commonly associated with malware for a range of reasons, including how easy domains on these TLDs are to obtain. Many of these may be undesirable from an enterprise policy perspective. The clientCount column provides an initial insight into how widespread the domain usage is across the estate. Source: Github - Microsoft |
| Severity Level | Low |
| Threat Indicator | Data Theft |
| MITRE ATT&CK Tactics | Command and Control, Exfiltration |
| Log sources | DNS Logs |
| False Positives | Unknown |
| Recommendations | Investigate the ClientIP values flagged as anomalous. Run a virus/antimalware scan on the suspected hosts. Monitor traffic logs on the perimeter firewall for any outlier patterns. |
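The detection logic the alert describes, as an added Python example (not the Managed Sentinel alert's own code nor the Microsoft query it cites): filter DNS records to a watch list of TLDs, then count distinct clients per domain to produce the clientCount column. The TLD list and the DNS records are constructed for illustration; the page does not enumerate the TLDs the query uses.

```python
from collections import defaultdict
from typing import Dict, List

# Hypothetical TLD watch list for illustration only; substitute the list
# your own query uses.
WATCHED_TLDS = {"xyz", "top", "club", "work"}

# Constructed DNS log records (not real data): querying client and name queried.
SAMPLE_DNS_LOGS = [
    {"ClientIP": "10.0.0.5", "Name": "cdn.example.com"},
    {"ClientIP": "10.0.0.5", "Name": "update.bad-domain.xyz"},
    {"ClientIP": "10.0.0.7", "Name": "update.bad-domain.xyz"},
    {"ClientIP": "10.0.0.7", "Name": "update.bad-domain.xyz."},   # trailing dot form
    {"ClientIP": "10.0.0.9", "Name": "login.free-host.top"},
    {"ClientIP": "10.0.0.9", "Name": "XYZ.example.net"},          # 'xyz' as a label, not a TLD
]


def _labels(name: str) -> List[str]:
    """Normalise a query name: strip a trailing dot, lower-case, split on dots."""
    return name.rstrip(".").lower().split(".")


def tld_of(name: str) -> str:
    """Return the final label (the TLD) of a query name."""
    return _labels(name)[-1]


def registered_domain(name: str) -> str:
    """Return the last two labels, e.g. 'update.bad-domain.xyz' -> 'bad-domain.xyz'."""
    return ".".join(_labels(name)[-2:])


def abused_tld_hits(records, watched=WATCHED_TLDS) -> List[Dict]:
    """Keep queries whose TLD is on the watch list, then count distinct
    clients per registered domain (the alert's clientCount column).
    Rows are ordered by clientCount descending so the most widespread
    domain across the estate is listed first."""
    clients_by_domain = defaultdict(set)
    for rec in records:
        name = rec.get("Name", "")
        if not name or tld_of(name) not in watched:
            continue
        clients_by_domain[registered_domain(name)].add(rec["ClientIP"])
    rows = [{"domain": d, "clientCount": len(c), "clients": sorted(c)}
            for d, c in clients_by_domain.items()]
    return sorted(rows, key=lambda r: (-r["clientCount"], r["domain"]))


if __name__ == "__main__":
    for row in abused_tld_hits(SAMPLE_DNS_LOGS):
        print(row)
```

A clientCount of one or two usually points at a single host to triage per the recommendations above, whereas a high count across many clients more often indicates a policy or false-positive question than an infection.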