Managed Sentinel – Alert 257
Alert ID | MS-A257 |
Alert Name | Traffic to commonly abused TLDs - SonicWall |
Description | Some top-level domains (TLDs) are more commonly associated with malware for a range of reasons, including how easy domains on these TLDs are to obtain. Many of these TLDs may be undesirable from an enterprise policy perspective. The RequestCount column provides an initial insight into how widespread the domain usage is across the environment. |
Severity Level | Low |
Threat Indicator | |
MITRE ATT&CK Tactics | CommandAndControl, Exfiltration |
Log sources | Common Security Logs |
False Positives | |
Recommendations |