Managed Sentinel – Alert 040

Alert ID: MS-A040
Alert Name: Firewall configuration change detected
Description: This alert reports configuration changes performed by a user on a firewall outside of business hours or planned change windows.
Severity Level: Information
Threat Indicator: Unauthorized Access
MITRE ATT&CK Tactics: Execution
Log sources: Firewalls
False Positive: Emergency change windows
Recommendations: If the change has been approved by, or is associated with, the internal operations team, identify the type of change and understand the impact to the organization. Additional analysis will be required.