Managed Sentinel – Alert 060
| Alert ID | MS-A060 |
| Alert Name | Remote management access to internal Windows servers via VPN |
| Description | This alert is triggered when a VPN User attempts to connect to a Windows server remotely via VPN. |
| Severity Level | Informational |
| Threat Indicator | Improper Usage |
| MITRE ATT&CK Tactics | Execution Discovery |
| Log sources | Firewalls |
| False Positives | Any flows involving corporate jumpboxes |
| Recommendations | Correct traffic by a perimeter firewall rules change. |