Managed Sentinel – Alert 267
| Field | Value |
|---|---|
| Alert ID | MS-A267 |
| Alert Name | Potential beaconing detected - SonicWall |
| Description | Identifies beaconing patterns in SonicWall traffic logs based on recurrent time-delta patterns. The query uses several KQL functions to calculate the time deltas between successive events and then compares the recurring delta count with the total events observed in a day to derive a beaconing percentage. Outbound beaconing to untrusted public networks should be investigated for malware callbacks or data-exfiltration attempts. |
| Severity Level | Informational |
| Threat Indicator | |
| MITRE ATT&CK Tactics | Defense Evasion, Persistence, Command and Control |
| Log sources | Common Security Logs |
| False Positives | |
| Recommendations | |
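The detection logic the description outlines, written out as an added Python example (not the alert's own KQL and not part of the original page): events are grouped per source/destination/port, the time delta between successive events is computed, and the share of events carried by the single most frequent delta gives the beaconing percentage. The field names `TimeGenerated`, `SourceIP`, `DestinationIP` and `DestinationPort` are assumed CommonSecurityLog columns; the log records, the 10-event minimum and the 80 % threshold are constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def _beacon(start, period_s, count, src, dst, port):
    """Build a perfectly periodic sequence of connection events (constructed data)."""
    return [
        {"TimeGenerated": start + timedelta(seconds=period_s * i),
         "SourceIP": src, "DestinationIP": dst, "DestinationPort": port}
        for i in range(count)
    ]


BASE = datetime(2024, 1, 15, 0, 0, 0)

# Constructed sample records shaped like CommonSecurityLog rows (field names assumed):
# a 60-second heartbeat from 10.0.0.5, plus irregular interactive traffic from 10.0.0.7.
SAMPLE_LOG = (
    _beacon(BASE, 60, 24, "10.0.0.5", "203.0.113.10", 443)
    + [{"TimeGenerated": BASE + timedelta(seconds=s), "SourceIP": "10.0.0.7",
        "DestinationIP": "198.51.100.20", "DestinationPort": 443}
       for s in (3, 17, 41, 42, 120, 390, 391, 900, 1500, 1502, 2600, 2601)]
)


def time_deltas(events):
    """Whole-second gaps between consecutive events, in time order."""
    ts = sorted(e["TimeGenerated"] for e in events)
    return [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]


def beacon_score(events):
    """Return (dominant_delta_s, pct): the most frequent delta and the
    percentage of the group's total events that delta accounts for."""
    deltas = time_deltas(events)
    if not deltas:
        return None, 0.0
    delta, hits = Counter(deltas).most_common(1)[0]
    return delta, 100.0 * hits / len(events)


def find_beacons(log, min_events=10, min_pct=80.0):
    """Group one day of events by src/dst/port and flag groups whose dominant
    delta covers at least min_pct of events (thresholds are assumptions)."""
    groups = defaultdict(list)
    for e in log:
        groups[(e["SourceIP"], e["DestinationIP"], e["DestinationPort"])].append(e)

    results = []
    for (src, dst, port), events in groups.items():
        if len(events) < min_events:        # too few events to judge periodicity
            continue
        delta, pct = beacon_score(events)
        if pct >= min_pct:
            results.append({"src": src, "dst": dst, "port": port,
                            "events": len(events), "delta_s": delta,
                            "pct": round(pct, 1)})
    return results


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

The heartbeat group scores 95.8 % (23 identical 60 s gaps across 24 events) and is flagged; the browsing group's most common gap covers only 25 % of its events and is not. Two caveats for tuning: real implants add jitter, so bucketing deltas (for example to the nearest 5 or 10 seconds) before counting is usually needed, and the "untrusted public network" condition from the description is a destination filter that should be applied to the input before scoring.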