Managed Sentinel – Alert 035
| Alert ID | MS-A035 | 
| Alert Name | Excessive Outbound Firewall Denies | 
| Description | This is an outlier-type alert that fires when an excessive number of denied firewall requests go out towards an untrusted zone. | 
| Severity Level | High | 
| Threat Indicator | Compromised Host | 
| MITRE ATT&CK Tactics | Persistence, Discovery, Collection | 
| Log sources | Firewall Traffic Logs | 
| False Positives | Asset Inventory Application scanners, Vulnerability scans | 
| Recommendations | Review the configuration of the internal machine that is generating this traffic. This is an indicator of a compromised machine initiating an attack towards other internal or external hosts. Quarantine the internal machine. | 
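
One way to implement the outlier check this alert describes, as an added example that is not Managed Sentinel's own rule logic: it counts denied outbound requests per source host over one window and flags hosts far above their peers, after excluding the scanners listed as false positives. The event fields, the `untrusted` zone label, the scanner allowlist, the multiplier `k` and the `floor` are assumptions, and the sample events are constructed.

```python
from collections import Counter
from statistics import median

def build_sample():
    """Constructed events for one time window: (src_ip, dst_zone, action).
    Field layout and zone names are assumptions; map them to your firewall schema."""
    events = []
    normal = {"10.0.0.11": 3, "10.0.0.12": 5, "10.0.0.13": 4,
              "10.0.0.14": 6, "10.0.0.15": 2}
    for ip, denies in normal.items():
        events += [(ip, "untrusted", "deny")] * denies
        events += [(ip, "untrusted", "allow")] * 40
    events += [("10.0.0.66", "untrusted", "deny")] * 480   # host behaving abnormally
    events += [("10.0.0.200", "untrusted", "deny")] * 900  # vulnerability scanner
    events += [("10.0.0.12", "dmz", "deny")] * 300         # not toward an untrusted zone
    return events

def outbound_deny_outliers(events, untrusted=frozenset({"untrusted"}),
                           known_scanners=frozenset(), k=6.0, floor=50):
    """Return {src_ip: deny_count} for hosts whose outbound deny count exceeds
    both an absolute floor and median + k * MAD of the per-host counts."""
    counts = Counter(
        src for src, zone, action in events
        if action == "deny" and zone in untrusted and src not in known_scanners
    )
    if not counts:
        return {}
    values = list(counts.values())
    med = median(values)
    # Median absolute deviation is robust to the outlier itself; fall back to 1
    # when every host has the same count so the threshold stays finite.
    mad = median(abs(v - med) for v in values) or 1.0
    threshold = max(floor, med + k * mad)
    return {src: n for src, n in counts.items() if n > threshold}

if __name__ == "__main__":
    flagged = outbound_deny_outliers(build_sample(), known_scanners={"10.0.0.200"})
    for src, n in sorted(flagged.items()):
        print(f"MS-A035 candidate: {src} had {n} denied outbound requests")
```

Hosts with no denies in the window do not appear in the baseline, so the median reflects only hosts that were denied at least once.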
