Managed Sentinel – Alert 267

Alert ID: MS-A267
Alert Name: Potential beaconing detected - SonicWall
Description: Identifies beaconing patterns in SonicWall traffic logs based on recurrent time-delta patterns. The query uses KQL functions to calculate the time delta between consecutive events for each source/destination pair, then compares the count of events sharing the most frequent delta with the total events observed in a day to derive a beaconing percentage. An outbound beaconing pattern to untrusted public networks should be investigated for malware callbacks or data exfiltration attempts.
Severity Level: Informational
Threat Indicator
MITRE ATT&CK Tactics: DefenseEvasion, Persistence, CommandAndControl
Log sources: Common Security Logs
False Positives
Recommendations
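The following is an added example and not the Managed Sentinel rule's own KQL: a Python implementation of the time-delta logic the description outlines, run over constructed CommonSecurityLog-style rows. The column names TimeGenerated, SourceIP, DestinationIP and DestinationPort are real CommonSecurityLog fields; the sample data, the 5-second rounding used to absorb jitter, and the thresholds (at least 10 events, 80 % of events on one recurring delta) are assumptions chosen for the demonstration, not values taken from the alert.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def _build_sample_events():
    """Constructed rows shaped like CommonSecurityLog (not real SonicWall data).

    10.0.0.5 contacts 203.0.113.7:443 every 60 s with 0-2 s of jitter (beacon-like).
    10.0.0.9 contacts 198.51.100.20:443 at irregular intervals (browsing-like).
    """
    base = datetime(2024, 1, 1, 8, 0, 0)
    events = []
    for i in range(20):
        events.append({
            "TimeGenerated": base + timedelta(seconds=60 * i + (i % 3)),
            "SourceIP": "10.0.0.5",
            "DestinationIP": "203.0.113.7",
            "DestinationPort": 443,
        })
    t = base
    for gap in [5, 40, 3, 120, 7, 300, 2, 55, 18, 9, 77]:
        t += timedelta(seconds=gap)
        events.append({
            "TimeGenerated": t,
            "SourceIP": "10.0.0.9",
            "DestinationIP": "198.51.100.20",
            "DestinationPort": 443,
        })
    return events


SAMPLE_EVENTS = _build_sample_events()


def beacon_candidates(events, round_to_seconds=5, min_events=10, min_percent=80.0):
    """Return (source, destination, port) pairs whose inter-event time deltas recur.

    For each pair the events are sorted, the delta between consecutive events is
    computed and rounded to `round_to_seconds` (assumed jitter tolerance), and the
    most common delta is compared with the pair's total event count to give a
    beaconing percentage. Pairs at or above `min_percent` with at least
    `min_events` events are reported. All thresholds are assumptions.
    """
    groups = defaultdict(list)
    for e in events:
        key = (e["SourceIP"], e["DestinationIP"], e["DestinationPort"])
        groups[key].append(e["TimeGenerated"])

    results = []
    for (src, dst, port), times in groups.items():
        total = len(times)
        if total < min_events:
            continue  # too few events in the window to judge periodicity
        times.sort()
        deltas = []
        for prev, cur in zip(times, times[1:]):
            secs = (cur - prev).total_seconds()
            deltas.append(round(secs / round_to_seconds) * round_to_seconds)
        interval, count = Counter(deltas).most_common(1)[0]
        percent = round(100.0 * count / total, 1)
        if percent >= min_percent:
            results.append({
                "SourceIP": src,
                "DestinationIP": dst,
                "DestinationPort": port,
                "TotalEvents": total,
                "IntervalSeconds": interval,
                "BeaconPercent": percent,
            })
    return results


if __name__ == "__main__":
    for hit in beacon_candidates(SAMPLE_EVENTS):
        print(hit)
```

The rounding step matters in practice: a beacon with a few seconds of jitter produces deltas of 58, 61, 62 seconds that would never recur exactly, so binning them is what lets the recurrence count climb. Lowering min_percent makes the irregular pair surface too, which is the usual source of false positives for this kind of rule (keep-alives, polling agents and scheduled updates all look periodic), so the analyst still has to check whether the destination is a trusted service before treating a hit as a callback.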