Alert Knowledge Base
Information about various alert categories and types of alerts you might see on your Sentinel, especially the more critical and interesting ones. (A Work in Progress)
Malware Analysis
- MALWARE Observed Honeygain Domain (api .honeygain .com in TLS SNI)
- TROJAN Possible Malicious Invoice EXE
- MALWARE User-Agent (Firefox) - Possible Trojan Downloader
- MALWARE TakeMyFile User-Agent
- TROJAN Large DNS Query possible covert channel
- TROJAN MS Remote Desktop edc User Login Request