This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .berlin. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .accountants. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .ICQ. This domain ending is sometimes linked to suspicious or malicious activities.
This alert is triggered when an ICMP Echo Reply message arrives from an external network and is destined for the internal network. ICMP Echo Replies are typically responses to ping requests; however, unexpected Echo Replies may indicate a device is responding to pings from outside.
This alert is triggered when an attempt is made to initiate a new HTTPS connection (TCP port 443) that does not complete the handshake. This could indicate potential scanning or probing activity aimed at identifying open HTTPS ports without establishing a full connection.