Managed Sentinel – Alert 032

Alert ID: MS-A032
Alert Name: Excessive Inbound Firewall Denies
Description: This is an outlier (anomaly) alert. It fires when the number of inbound connection attempts that the firewall denies from an untrusted zone rises well above the normal baseline volume, rather than on any single denied request.
Severity Level: Low
Threat Indicator: Denial of Service
MITRE ATT&CK Tactics: Persistence, Discovery, Collection
Log Sources: Firewall Traffic Logs
False Positives: Vulnerability scans
Recommendations: A sustained volume of denies from one source against a DMZ service can indicate a targeted attack on that service. Before acting, rule out an authorized vulnerability scan (see False Positives), confirm whether the denies concentrate on a single destination host and port (targeted) or sweep many ports (scan-like), and check whether any traffic from the same source was allowed through, since the denied traffic itself was already blocked by the firewall. If the activity is confirmed as hostile, engage the Internet Service Provider to add the originating IP address(es) to its block list.
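The following is an added example, not the Managed Sentinel rule itself, of the outlier logic this alert card describes, run over constructed firewall traffic log lines. It buckets inbound denies from the untrusted zone per source IP and hour, compares the latest hour against a mean-plus-three-sigma baseline with an absolute floor, suppresses the authorized vulnerability scanner named in False Positives, and reports whether the burst looks targeted (one destination, few ports) or scan-like, together with any allowed traffic from the same source. The log line format, zone names, scanner address and thresholds are all assumptions for the example.

```python
"""Illustrative outlier detection for excessive inbound firewall denies.

Not the vendor's Sentinel analytics rule; an added example of the logic.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Hypothetical line format (real firewall exports differ):
#   2024-01-15T06:00:05Z deny src=203.0.113.7 dst=192.0.2.10 dport=443 zone=untrust
MIN_DENIES = 20                       # absolute floor so a quiet source cannot trip on a handful of denies
SIGMA = 3.0                           # outlier distance above the per-source hourly baseline
UNTRUSTED_ZONES = {"untrust"}         # assumed zone label for Internet-facing traffic
AUTHORIZED_SCANNERS = {"198.51.100.5"}  # assumed address of the approved vulnerability scanner


def build_sample_logs():
    """Constructed test data: six quiet hours, then a burst in the seventh."""
    base = datetime(2024, 1, 15)
    noise = [2, 3, 1, 2, 3, 2, 2]     # hourly background denies from 203.0.113.7

    def line(ts, action, src, dst, dport, zone):
        return f"{ts:%Y-%m-%dT%H:%M:%SZ} {action} src={src} dst={dst} dport={dport} zone={zone}"

    lines = []
    for hour in range(7):
        t0 = base + timedelta(hours=hour)
        for i in range(noise[hour]):
            lines.append(line(t0 + timedelta(minutes=10 * i), "deny", "203.0.113.7", "192.0.2.10", 22, "untrust"))
        lines.append(line(t0 + timedelta(minutes=30), "deny", "203.0.113.99", "192.0.2.11", 3389, "untrust"))
        lines.append(line(t0 + timedelta(minutes=35), "allow", "203.0.113.99", "192.0.2.11", 443, "untrust"))
        lines.append(line(t0 + timedelta(minutes=40), "deny", "10.0.0.5", "192.0.2.11", 445, "trust"))  # internal, ignored
    burst = base + timedelta(hours=6)
    for i in range(40):   # targeted: one source hammering one DMZ host and port
        lines.append(line(burst + timedelta(seconds=i), "deny", "203.0.113.7", "192.0.2.10", 443, "untrust"))
    for i in range(60):   # authorized scanner sweeping many ports: should be suppressed
        lines.append(line(burst + timedelta(seconds=i), "deny", "198.51.100.5", "192.0.2.12", 1000 + i, "untrust"))
    return lines


def parse_line(line):
    ts, action, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "action": action, **fields}


def detect_excessive_denies(lines, window_hours=6):
    """Return (alerts, suppressed): findings for the latest hour vs. the prior window_hours baseline."""
    events = [parse_line(l) for l in lines]
    denies = [e for e in events if e["action"] == "deny" and e["zone"] in UNTRUSTED_ZONES]
    hour_of = lambda e: e["ts"].replace(minute=0, second=0)
    hours = sorted({hour_of(e) for e in denies})
    current = hours[-1]
    baseline_hours = [h for h in hours if h != current][-window_hours:]

    per_src_hour = defaultdict(Counter)
    details = defaultdict(lambda: {"dsts": set(), "dports": set()})
    for e in denies:
        per_src_hour[e["src"]][hour_of(e)] += 1
        if hour_of(e) == current:
            details[e["src"]]["dsts"].add(e["dst"])
            details[e["src"]]["dports"].add(int(e["dport"]))
    # Allowed connections in the current hour tell the analyst whether anything got past the firewall.
    allowed_now = Counter(e["src"] for e in events if e["action"] == "allow" and hour_of(e) == current)

    alerts, suppressed = [], []
    for src, counts in per_src_hour.items():
        now = counts[current]
        history = [counts[h] for h in baseline_hours]
        mu, sd = (mean(history), pstdev(history)) if history else (0.0, 0.0)
        threshold = max(MIN_DENIES, mu + SIGMA * sd)
        if now <= threshold:
            continue
        d = details[src]
        finding = {
            "src": src, "denies": now, "baseline_mean": round(mu, 2), "threshold": round(threshold, 2),
            "distinct_dsts": len(d["dsts"]), "distinct_dports": len(d["dports"]),
            "allowed_in_window": allowed_now[src],
            "pattern": "targeted" if len(d["dsts"]) == 1 and len(d["dports"]) <= 3 else "scan-like",
        }
        (suppressed if src in AUTHORIZED_SCANNERS else alerts).append(finding)
    return alerts, suppressed


if __name__ == "__main__":
    alerts, suppressed = detect_excessive_denies(build_sample_logs())
    for a in alerts:
        print("ALERT", a)
    for s in suppressed:
        print("SUPPRESSED (authorized scanner)", s)
```

With the constructed data the only alert is 203.0.113.7 with 42 denies against a 2.17-per-hour baseline, classified as targeted (one destination, two ports), while the scanner's 60-port sweep is recorded but suppressed. In production the baseline window, floor and scanner allow-list would come from the environment, and the per-source grouping is a design choice: grouping by destination instead would surface a distributed source set aimed at one DMZ service.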