Managed Sentinel – Alert 225
| Alert ID | MS-A225 | 
| Alert Name | Squid proxy events for ToR proxies | 
| Description | This alert checks for Squid proxy events associated with common Tor proxies. | 
| Severity Level | Low | 
| Threat Indicator | Unauthorized Access | 
| MITRE ATT&CK Tactics | Command and Control | 
| Log sources | Web Proxy | 
| False Positives | N/A | 
| Recommendations | 1. Traffic to known anonymity networks and C2 infrastructure can be blocked through the use of network black and white lists. 2. Perform a full AV/AM scan of the internal machine. 3. Investigate in Azure Sentinel whether any lateral attacks were carried out from the same entity (account or IP address). | 
