Managed Sentinel – Alert 167

Alert ID: MS-A167
Alert Name: DNS queries for domain used by the Telegraph chat app - Squid
Description: This alert identifies DNS queries for api.telegraph.com, an indicator that the Telegraph chat app is in use. The Telegraph chat app is often used as an extra measure to hide malicious actions.
Severity Level: Low
Threat Indicator:
MITRE ATT&CK Tactics: CredentialAccess
Log sources: Squid logs
False Positives:
Recommendations: