Managed Sentinel – Alert 087
| Field | Value |
| --- | --- |
| Alert ID | MS-A087 |
| Alert Name | Anomalous number of denial messages in CommonSecurityLog |
| Description | This alert identifies outliers in the number of denials recorded in the CommonSecurityLog table, which is used by devices that send their logs in Common Event Format (CEF). |
| Severity Level | Informational |
| Threat Indicator | |
| MITRE ATT&CK Tactics | Execution |
| Log sources | Firewall Traffic Logs |
| False Positives | |
| Recommendations | 1. A misconfiguration of a device can trigger a spike in Sentinel logging. This is a typical event that requires immediate investigation. |
