Managed Sentinel – Alert 038

Alert ID: MS-A038
Alert Name: File sharing traffic detected through perimeter firewall
Description: This alert is triggered when inbound or outbound traffic is detected on any file sharing port.
Severity Level: Informational
Threat Indicator: Improper Usage
MITRE ATT&CK Tactics: Exfiltration
Log sources: Firewalls
False Positive: Sanctioned cloud applications
Recommendations: Validate whether the traffic is compliant with the organization's security policies. If not, apply firewall rules to block traffic to specific file sharing ports or applications.