Managed Sentinel – Alert 180

Alert ID: MS-A180
Alert Name: Internal hosts match 3 or more IPS Signatures in 24 hours - SonicWall
Description: This alert identifies connections from internal hosts that triggered 3 or more IPS signatures within one hour. This may indicate an internal compromised host.
Severity Level: Low
Threat Indicator:
MITRE ATT&CK Tactics: Execution, Command And Control, Defense Evasion
Log sources: CommonSecurityLog
False Positives: