Managed Sentinel – Alert 060

Alert ID: MS-A060
Alert Name: Remote management access to internal Windows servers via VPN
Description: This alert is triggered when a VPN user attempts to connect remotely to a Windows server over the VPN.
Severity Level: Informational
Threat Indicator: Improper Usage
MITRE ATT&CK Tactics: Execution, Discovery
Log sources: Firewalls
False Positives: Any flows involving corporate jumpboxes
Recommendations: Correct the traffic with a perimeter firewall rule change.