Managed Sentinel – Alert 257

Alert IDMS-A257
Alert NameTraffic to commonly abused TLDs - SonicWall
DescriptionSome top level domains (TLDs) are more commonly associated with malware for a range of reasons - including how easy domains on these TLDs are to obtain. Many of these may be undesirable from an enterprise policy perspective. The RequestCount column provides an initial insight into how widespread the domain usage is across the environment.
Severity LevelLow
Threat Indicator
MITRE ATT&CK TacticsCommandAndControl
Exfiltration
Log sourcesCommon Security Logs
False Positives
Recommendations