Managed Sentinel – Alert 180
| Alert ID | MS-A180 |
| Alert Name | Internal hosts match 3 or more IPS Signatures in 24 hours - SonicWall |
| Description | This alert identifies connections from internal hosts that triggered 3 or more IPS signatures within one hour. This may indicate an internal compromised host. |
| Severity Level | Low |
| Threat Indicator | |
| MITRE ATT&CK Tactics | Execution Command And Control Defense Evasion Exfiltration |
| Log sources | CommonSecurityLog |
| False Positives | |
| Recommendations |