Managed Sentinel – Alert 167
| Alert ID | MS-A167 |
| Alert Name | DNS queries for domain used by the Telegraph chat app - Squid |
| Description | This alert identifies DNS queries for api.telegraph.com, an indicator of use of Telegraph chat app. The Telegraph chat app is often used as an extra measure to hide malicious actions. |
| Severity Level | Low |
| Threat Indicator | |
| MITRE ATT&CK Tactics | CredentialAccess |
| Log sources | Squid logs |
| False Positives | |
| Recommendations |