Managed Sentinel – Alert 210

Alert ID: MS-A210
Alert Name: Unusual number of log entries in CommonSecurityLog
Description: This alert identifies a significant change in the number of events recorded by a device in the CommonSecurityLog.
Severity Level: Informational
Threat Indicator:
MITRE ATT&CK Tactics: Exfiltration, Command And Control
Log sources: CommonSecurityLog
False Positives:
Recommendations: