This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .loan. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .men. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .ml. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .mom. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .party. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when a large number of NXDOMAIN responses (non-existent domain replies) are received from external DNS servers. A high frequency of NXDOMAIN replies may indicate potential malicious activity like DNS tunneling or reconnaissance.
This alert is triggered when an outbound connection attempt is made from an internal network device to an external server over SMB (ports 139 or 445). Outbound SMB traffic may expose internal resources to external threats or be exploited for data exfiltration.
This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .ICQ. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .accountants. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .berlin. This domain ending is sometimes linked to suspicious or malicious activities.