Managed Sentinel – Alert 099
| Alert ID | MS-A099 |
| Alert Name | Authenticated Windows IIS connections matching Microsoft Threat Intelligence |
| Description | This alert identifies connections to Windows IIS websites from authenticated users with an IP address matching the Microsoft Threat Intelligence feed. |
| Severity Level | Medium |
| Threat Indicator | |
| MITRE ATT&CK Tactics | Credential Access |
| Log sources | W3CIISLog |
| False Positives | |
| Recommendations |