Managed Sentinel – Alert 161

Alert ID: MS-A161
Alert Name: Redirected DNS requests - Fortinet
Description: This alert identifies DNS requests that have been redirected due to Fortinet policies.
Severity Level: Low
Threat Indicator: Improper Usage
MITRE ATT&CK Tactics: Credential Access, Initial Access
Log sources: URL Filtering
False Positives: (none listed)
Recommendations:
1. Block this outbound traffic on the perimeter firewall.
2. Perform an AV/AM scan on the internal machine accessing this URL.
3. Check public Threat Intelligence sites (e.g. virustotal.com) to confirm whether the subject URL is indeed malicious.
4. Notify the user about the violation of corporate access use policies.