Managed Sentinel – Alert 161
Alert ID | MS-A161 |
Alert Name | Redirected DNS requests - Fortinet |
Description | This alert identifies DNS requests that have been redirected due to Fortinet policies. |
Severity Level | Low |
Threat Indicator | Improper Usage |
MITRE ATT&CK Tactics | Credential Access, Initial Access |
Log sources | URL Filtering |
False Positives | |
Recommendations | 1. Block this outbound traffic on the perimeter firewall. 2. Perform an AV/AM scan on the internal machine accessing this URL. 3. Check public threat intelligence sites (e.g. virustotal.com) to determine whether the subject URL is indeed malicious. 4. Notify the user about the violation of corporate access use policies. |