Managed Sentinel – Alert 028
| Alert ID | MS-A028 |
| Alert Name | DNS high reverse DNS count (Outlier) |
| Description | Clients with a high reverse DNS count could be carrying out scanning activity. Source: GitHub - Microsoft |
| Severity Level | Low |
| Threat Indicator | Improper Usage |
| MITRE ATT&CK Tactics | Discovery |
| Log sources | DNS Logs |
| False Positives | Unknown |
| Recommendations | Review the firewall/web proxy logs for the ClientIP making the DNS requests. |
