Managed Sentinel – Alert 087

Alert ID: MS-A087
Alert Name: Anomalous number of denial messages in CommonSecurityLog
Description: This alert identifies outliers in the number of denials recorded in the CommonSecurityLog table, which is used by devices that record their logs in Common Event Format (CEF).
Severity Level: Informational
Threat Indicator:
MITRE ATT&CK Tactics: Execution
Log sources: Firewall Traffic Logs
False Positives:
Recommendations:
1. A misconfiguration of a device can trigger a spike in Sentinel logging. This is a typical event that will require immediate investigation.
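As an added example (not the Managed Sentinel rule's own query), the following KQL shows how a detection of this kind is typically built in Sentinel: denied events in CommonSecurityLog are bucketed per device and per hour, a baseline is fitted, and only hourly counts that spike above the baseline are surfaced. The 14-day lookback, hourly bin, anomaly score threshold and the set of DeviceAction values treated as denials are assumptions; the exact deny values depend on the firewall vendor's CEF mapping.

```kusto
// Added example: anomalous denial counts in CommonSecurityLog.
// lookback, binSize, scoreThreshold and the deny value list are assumptions.
let lookback = 14d;
let binSize = 1h;
let scoreThreshold = 3.0;                         // assumed sensitivity
let denyActions = dynamic(["deny", "denied", "drop", "block", "blocked"]);
CommonSecurityLog
| where TimeGenerated > ago(lookback)
| where DeviceAction in~ (denyActions)            // keep only denial messages
// One time series of denial counts per reporting device
| make-series DenyCount = count() default = 0
    on TimeGenerated from ago(lookback) to now() step binSize
    by DeviceVendor, DeviceProduct, DeviceName
// Decompose the series; Anomalies is +1 for a spike, -1 for a dip, 0 otherwise
| extend (Anomalies, Score, Baseline) =
    series_decompose_anomalies(DenyCount, scoreThreshold, -1, 'linefit')
| mv-expand TimeGenerated to typeof(datetime),
            DenyCount to typeof(long),
            Anomalies to typeof(double),
            Score to typeof(double),
            Baseline to typeof(double)
| where Anomalies > 0                             // spikes only; fewer denials is not this alert
| where TimeGenerated > ago(1d)                   // surface recent bins when run on a schedule
| project TimeGenerated, DeviceVendor, DeviceProduct, DeviceName,
          DenyCount, Baseline = round(Baseline), Score
| order by Score desc
```

When investigating a hit, the Baseline column shows what the device normally produced in that hour, so a count several times the baseline from a single device usually points to the misconfiguration case named in the recommendation.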