This alerts checks for squid proxy events associated with common ToR proxies.
MITRE ATT&CK Tactics
Command and Control
1. Traffic to known anonymity networks and C2 infrastructure can be blocked through the use of network black and white lists
2. Perform a full AV/AM scan of the internal machine
3. Investigate in Azure Sentinel if any lateral attacks were done from the same entity (account or IP address)