Managed Sentinel – Alert 183

Alert IDMS-A183
Alert NameInternal Hosts Using POP3 or IMAP Email Clients - SonicWall
DescriptionThis alert identifies internal hosts accessing unsanctioned SMTP servers. Internal hosts should only use the SMTP relay servers configured for internal use.
Severity LevelLow
Threat Indicator
MITRE ATT&CK TacticsDefensiveEvasion
Execution
Exfiltration
Log sourcesCommonSecurityLog
False Positives
Recommendations