Managed Sentinel – Alert 099

Alert IDMS-A099
Alert NameAuthenticated Windows IIS connections matching Microsoft Threat Intelligence
DescriptionThis alert identifies connections to Windows IIS websites from authenticated users with an IP address matching the Microsoft Threat Intelligence feed.
Severity LevelMedium
Threat Indicator
MITRE ATT&CK TacticsCredential Access
Log sourcesW3CIISLog
False Positives
Recommendations