Managed Sentinel – Alert 150
| Field | Value |
|---|---|
| Alert ID | MS-A150 |
| Alert Name | Internal systems using a large number of protocols |
| Description | Detects internal hosts accessing Internet hosts with a large number of protocols. |
| Severity Level | Low |
| Threat Indicator | Reconnaissance |
| MITRE ATT&CK Tactics | Discovery, Exfiltration |
| Log sources | Firewall |
| False Positive | Sanctioned internal vulnerability scanning |
| Recommendations | 1. Perform a full EDR scan of the internal machines generating the large volume of scanning. 2. Use Azure Sentinel to query and report all access from the in-scope internal machines to other internal hosts. |