This is an outlier-type alert that reports abnormal spikes in outbound traffic leaving the company network towards an untrusted zone.
MITRE ATT&CK Tactics
Firewall Traffic Logs
Asset Inventory Application scanners
(if organization is not blocking outbound traffic in perimeter firewall)
Review the configuration of the internal machine(s) generating this traffic. This can be an indicator of a compromised machine initiating data transfer towards other internal or external hosts.
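One way to compute the outlier condition described above from firewall traffic logs, as an added example that is not part of the original page. The record layout (`hour,src_ip,dst_zone,bytes_sent`), the zone names `untrust`/`trust`, and the thresholds `k` and `min_bytes` are assumptions to adapt to your firewall's export.

```python
import statistics
from collections import defaultdict

# Constructed sample records (not real traffic): hour,src_ip,dst_zone,bytes_sent
SAMPLE = """
2024-05-01T09,10.0.0.5,untrust,1100000
2024-05-01T10,10.0.0.5,untrust,900000
2024-05-01T11,10.0.0.5,untrust,1300000
2024-05-01T12,10.0.0.5,untrust,1000000
2024-05-01T13,10.0.0.5,untrust,250000000
2024-05-01T13,10.0.0.5,untrust,270000000
2024-05-01T09,10.0.0.9,untrust,2000000
2024-05-01T10,10.0.0.9,untrust,2100000
2024-05-01T11,10.0.0.9,untrust,1900000
2024-05-01T12,10.0.0.9,untrust,2200000
2024-05-01T13,10.0.0.9,trust,900000000
""".splitlines()

def outbound_spikes(lines, untrusted=("untrust",), k=6.0, min_bytes=50_000_000):
    """Return (src, hour, bytes) for host-hours that are outliers toward untrusted zones.

    Per-host baseline is the median hourly total; spread is the median absolute
    deviation (MAD). Thresholds k and min_bytes are assumed values to tune.
    """
    totals = defaultdict(lambda: defaultdict(int))
    for line in lines:
        if not line.strip():
            continue
        hour, src, zone, sent = line.strip().split(",")
        if zone in untrusted:                 # only flows to an untrusted zone count
            totals[src][hour] += int(sent)
    alerts = []
    for src, per_hour in totals.items():
        values = list(per_hour.values())
        if len(values) < 4:                   # too little history for a baseline
            continue
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values) or 1
        for hour, total in per_hour.items():
            if total >= min_bytes and total > med + k * mad:
                alerts.append((src, hour, total))
    return sorted(alerts)

if __name__ == "__main__":
    for src, hour, total in outbound_spikes(SAMPLE):
        print(f"ALERT {src} sent {total} bytes to untrusted zone in hour {hour}")
```

The absolute floor `min_bytes` keeps hosts with a very flat, low baseline from alerting on small fluctuations; the flagged source address is the machine to review.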