Managed Sentinel – Alert 209
Alert ID | MS-A209 |
Alert Name | Access to phishing and peer-to-peer URLs |
Description | This alert identifies connections to phishing and peer-to-peer sites. Peer-to-peer (P2P) software allows connections between a corporate computer and a potentially malicious Internet host. This poses a number of risks, such as: downloading malware, pirated or copyrighted material, or pornography; permitting external malicious users to access and share your organization's files. |
Severity Level | Medium |
Threat Indicator | Improper Usage |
MITRE ATT&CK Tactics | PRE-ATT&CK, Initial Access |
Log sources | Firewalls |
False Positive | Sanctioned Cloud applications |
Recommendations | 1. Block this outbound traffic on the perimeter firewall. 2. Perform an AV/AM scan on the internal machine accessing this URL. 3. Check public threat intelligence sites (e.g. virustotal.com) to determine whether the subject URL is indeed malicious. |