Managed Sentinel – Alert 150

Alert ID: MS-A150
Alert Name: Internal systems using a large number of protocols
Description: Detects internal hosts accessing Internet hosts with a large number of protocols.
Severity Level: Low
Threat Indicator: Reconnaissance
MITRE ATT&CK Tactics: Discovery, Exfiltration
Log sources: Firewall
False Positive: Sanctioned internal vulnerability scanning
Recommendations:
1. Perform a full EDR scan of the internal machines generating the large volume of scanning.
2. Use Azure Sentinel to query and report all access from in-scope internal machines to other internal hosts.
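An illustrative KQL query for the behaviour this alert describes (added here as an example; it is not the Managed Sentinel rule's own query). It assumes the firewall logs arrive in the CommonSecurityLog (CEF) table; the lookback window, the protocol-count threshold and the sanctioned-scanner list are placeholders to tune per environment.

```kql
// Added example, not the MS-A150 rule itself: list internal sources that reached Internet
// destinations over many distinct protocol/port combinations within the lookback window.
// Assumptions: firewall events are in CommonSecurityLog; threshold and scanner list are placeholders.
let lookback = 1d;
let protocolThreshold = 10;                      // assumed threshold, tune per environment
let sanctionedScanners = dynamic(["10.0.0.5"]);  // constructed placeholder for the False Positive case
CommonSecurityLog
| where TimeGenerated > ago(lookback)
| where isnotempty(SourceIP) and isnotempty(DestinationIP)
// internal (RFC 1918) source talking to a non-private (Internet) destination
| where ipv4_is_private(SourceIP) and not(ipv4_is_private(DestinationIP))
| where SourceIP !in (sanctionedScanners)
// treat each protocol/destination-port pair as one "protocol" for counting purposes
| extend ProtoPort = strcat(Protocol, "/", tostring(DestinationPort))
| summarize DistinctProtocols = dcount(ProtoPort),
            Protocols = make_set(ProtoPort, 50),
            DestinationCount = dcount(DestinationIP),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by SourceIP
| where DistinctProtocols >= protocolThreshold
| order by DistinctProtocols desc
```

For Recommendation 2, the same query with the destination filter inverted to `ipv4_is_private(DestinationIP)` and restricted to the in-scope SourceIP values reports the internal-to-internal access from the flagged machines.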