Managed Sentinel – Alert 054
| Field | Value |
|---|---|
| Alert ID | MS-A054 |
| Alert Name | High severity IPS signatures from sources originating from the internal network |
| Description | This is an indicator that an internal host has been compromised and is trying to reach a Command & Control site |
| Severity Level | High |
| Threat Indicator | Compromised host |
| MITRE ATT&CK Tactics | Execution, Exfiltration, Command and Control |
| Log sources | IPS |

Recommendations:

1. Perform an investigation in Azure Sentinel and determine whether any other alerts relate to the internal host.
2. Isolate the impacted internal host from the corporate network.
3. Perform a full EDR scan on the affected internal host.
4. If malicious content was detected on the host, perform a full OS re-image of the machine.
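An added KQL example of what the first recommendation looks like in practice: a hunting query that pulls high-severity IPS signatures whose source is an internal (RFC 1918) address and a public destination, then joins any other Sentinel alerts raised for the same host. This is not a Managed Sentinel rule; it assumes the IPS forwards events over CEF/Syslog into the `CommonSecurityLog` table, that the product string contains "IPS", that severity arrives as CEF text or numeric values, and that `SecurityAlert.CompromisedEntity` holds the same host name the IPS reports in `SourceHostName`. Each of those is a per-environment assumption to adjust before use.

```kql
// Added example (assumptions marked); not part of the original alert definition.
let lookback = 24h;
// Step 1: high-severity IPS signatures from an internal source to an external destination
let ipsHits =
    CommonSecurityLog
    | where TimeGenerated > ago(lookback)
    | where DeviceProduct has "IPS"                     // assumption: match your vendor's product string
    | where LogSeverity in ("High", "8", "9", "10")     // assumption: CEF severity as text or 0-10 scale
    | where ipv4_is_private(SourceIP)                   // source is an internal host
    | where not(ipv4_is_private(DestinationIP))         // destination is outside the corporate network
    | summarize SignatureCount = dcount(DeviceEventClassID),
                Signatures     = make_set(Activity, 10),
                Destinations   = make_set(DestinationIP, 10),
                FirstSeen      = min(TimeGenerated),
                LastSeen       = max(TimeGenerated)
      by SourceIP, SourceHostName;
// Step 2: any other Sentinel alerts already raised for the same host in the window
let otherAlerts =
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    | summarize OtherAlerts = make_set(AlertName, 20) by CompromisedEntity;   // assumption: host name key
ipsHits
| join kind=leftouter otherAlerts on $left.SourceHostName == $right.CompromisedEntity
| project-away CompromisedEntity
| order by SignatureCount desc
```

Hosts at the top of the result set with several distinct signatures, multiple external destinations and pre-existing alerts are the ones to prioritise for the isolation and EDR steps that follow; a single signature with no corroborating alert is more often a false positive worth confirming against the IPS console before isolating the machine.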