Managed Sentinel – Alert 261
Alert ID | MS-A261 |
Alert Name | Excessive SSL VPN login failures - SonicWall |
Description | Microsoft tracks a significant number of threat actors, malware, botnets, etc. in order to protect its products and services. The query shows traffic to known malicious IPs associated with various spam campaigns, botnets, viruses, etc. Examining traffic to these known malicious IPs is a potential avenue to discover attacks in your environment. The entities included in the notification indicate the internal hosts that accessed remote IPs identified as malicious. Review the incident in Azure Sentinel for full details, including source, destination IP, destination country, protocol, bytes transferred, threat type and confidence. |
Severity Level | Low |
Threat Indicator | |
MITRE ATT&CK Tactics | CredentialAccess, LateralMovement, PrivilegeEscalation |
Log sources | Common Security Log |
False Positives | |
Recommendations |