9000013

-

-

medium

Identify the source and destination, If the communication is authorized, call the POC (Point of Contact) at the site and ask if some kind of activity was performed or he is aware to a network bug caused this link to become inactive. If not look for a relevant cyber attack rule. it can be an attempt to create a c&c station of the attacker in the network