Managed Sentinel – Alert 236

Alert ID: MS-A236
Alert Name: Access to potentially malicious URLs
Description: This alert identifies connections to potentially malicious URLs.
Severity Level: Medium
Threat Indicator: Compromised Host
MITRE ATT&CK Tactics: Privilege Escalation; Credential Access; Lateral Movement
Log Sources: URL Filtering
False Positives: Browser adware; incorrect Threat Intelligence feed
Recommendations:
1. Investigate the type of traffic allowed to the malicious IP address.
2. Manually validate the malicious IP address against external Threat Intelligence sources (e.g. www.abuseIPdb.com).
3. Identify the number of requests within a specific period of time; a high request count can be a solid indicator of a compromised host.
4. Perform an AV/AM scan of the affected internal machine.
5. Complete a Sentinel investigation for the same entity (IP address or user account) to determine whether any other lateral attacks were completed.