Managed Sentinel – Alert 209

Alert ID: MS-A209

Alert Name: Access to phishing and peer-to-peer URLs

Description: This alert identifies connections to phishing and peer-to-peer sites.
Peer-to-peer (P2P) software allows connections from/to a corporate computer to a potentially malicious Internet host. This poses a number of risks, such as:
- downloading malware, pirated or copyrighted material, or pornography
- permitting external malicious users to access and share your organization's files

Severity Level: Medium

Threat Indicator: Improper Usage

MITRE ATT&CK Tactics: PRE-ATT&CK, Initial Access

Log sources: Firewalls

False Positive: Sanctioned cloud applications

Recommendations:
1. Block this outbound traffic on the perimeter firewall.
2. Perform an AV/AM scan on the internal machine accessing this URL.
3. Check public threat intelligence sites (e.g. virustotal.com) to confirm whether the subject URL is indeed malicious.