Managed Sentinel – Alert 225

Alert IDMS-A225
Alert NameSquid proxy events for ToR proxies
DescriptionThis alerts checks for squid proxy events associated with common ToR proxies.
Severity LevelLow
Threat IndicatorUnauthorized Access
MITRE ATT&CK TacticsCommand and Control
Log sourcesWeb Proxy
False PositivesN/A
Recommendations1. Traffic to known anonymity networks and C2 infrastructure can be blocked through the use of network black and white lists
2. Perform a full AV/AM scan of the internal machine
3. Investigate in Azure Sentinel if any lateral attacks were done from the same entity (account or IP address)