Managed Sentinel – Alert 226
| Field | Value |
|---|---|
| Alert ID | MS-A226 |
| Alert Name | Squid proxy events related to mining pools |
| Description | Checks for Squid proxy events associated with common mining pools. The query assumes the default Squid log format is in use. |
| Severity Level | Low |
| Threat Indicator | Unauthorized Access |
| MITRE ATT&CK Tactics | Privilege Escalation, Credential Access, Lateral Movement |
| Log sources | Web Proxy |
| False Positives | N/A |
| Recommendations | 1. Traffic to known mining pools can be blocked through the use of network blacklists and whitelists; 2. Perform a full AV/AM scan of the internal machine; 3. Investigate in Azure Sentinel whether any lateral attacks were carried out from the same entity (account or IP address). |
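
The detection described above depends on Squid's default (native) `access.log` layout: `timestamp elapsed client action/code size method URL ident hierarchy/from content-type`. The following is an added example, not part of the Managed Sentinel alert or its KQL, showing how that format is parsed and how the destination host is matched against a watchlist. The watchlist domains and the log lines are constructed placeholders; the `MINING_POOL_DOMAINS` set is where a real feed would be plugged in. It handles the two shapes a practitioner trips over: `CONNECT` requests, which log `host:port` with no scheme, and aborted or malformed requests that log `-` as the URL.

```python
"""Flag Squid native-format access.log lines whose destination host is on a watchlist.

Added example (not the alert's own query). Domains and log lines below are
constructed placeholders, not real mining pools or real clients.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Constructed watchlist: placeholder names standing in for a real pool-domain feed.
MINING_POOL_DOMAINS = frozenset({
    "pool.example-mining.test",
    "stratum.example-pool.test",
})


@dataclass
class SquidEvent:
    timestamp: datetime
    client_ip: str
    result_code: str   # e.g. TCP_TUNNEL/200, TCP_DENIED/403
    method: str
    url: str
    host: Optional[str]


def _host_from_url(method: str, url: str) -> Optional[str]:
    """Return the lower-cased destination host, or None if the line has no usable URL."""
    if method == "CONNECT":
        # CONNECT requests are logged as 'host:port' with no scheme; give urlsplit
        # a network-path prefix so it parses the authority (IPv6 brackets included).
        return urlsplit("//" + url).hostname
    if "://" not in url:
        return None  # '-' or other placeholder on aborted/malformed requests
    return urlsplit(url).hostname


def parse_native_line(line: str) -> Optional[SquidEvent]:
    """Parse one line of Squid's default log format.

    Fields: time elapsed client action/code size method url ident hierarchy/from type
    Returns None when the line does not have the expected field count or timestamp.
    """
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        ts = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
    except ValueError:
        return None
    method, url = fields[5], fields[6]
    return SquidEvent(ts, fields[2], fields[3], method, url, _host_from_url(method, url))


def host_matches_watchlist(host: Optional[str], watchlist=MINING_POOL_DOMAINS) -> bool:
    """True if host equals a watchlisted domain or is a subdomain of one.

    The leading dot in the subdomain check stops 'notpool.example-mining.test'
    from matching 'pool.example-mining.test'.
    """
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in watchlist)


def find_mining_pool_events(lines: Iterable[str]) -> List[SquidEvent]:
    """Return parsed events whose destination host is on the watchlist.

    Denied requests (TCP_DENIED) are kept on purpose: a blocked connection still
    points at an internal host that tried to reach a pool.
    """
    return [ev for ev in map(parse_native_line, lines)
            if ev is not None and host_matches_watchlist(ev.host)]


# Constructed sample log (clients in 10.0.0.0/8, servers in TEST-NET ranges).
SAMPLE_LOG = """\
1700000000.123    340 10.0.0.5 TCP_MISS/200 1234 GET http://www.example.org/index.html - HIER_DIRECT/203.0.113.10 text/html
1700000001.456   2001 10.0.0.7 TCP_TUNNEL/200 5120 CONNECT pool.example-mining.test:3333 - HIER_DIRECT/198.51.100.9 -
1700000002.789     12 10.0.0.9 TCP_DENIED/403 200 GET http://eu.stratum.example-pool.test:8080/ - HIER_NONE/- text/html
1700000003.000      0 10.0.0.5 NONE/400 0 GET - - HIER_NONE/- -
"""

if __name__ == "__main__":
    for ev in find_mining_pool_events(SAMPLE_LOG.splitlines()):
        print(f"{ev.timestamp.isoformat()} {ev.client_ip} {ev.result_code} {ev.method} {ev.host}")
```

Running it flags the `CONNECT` from 10.0.0.7 and the denied request from 10.0.0.9, and ignores the ordinary web fetch and the malformed line. If the proxy has been switched to a custom `logformat`, the field positions change and this parser, like the alert's query, will miss events, so confirm the format before trusting the results.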
