This alert is triggered when a DNS query from the internal network attempts to resolve a domain under the .travel top-level domain (TLD). This TLD is sometimes linked to suspicious or malicious activity.
This alert is triggered when the Bitsadmin tool is used to initiate an HTTP download from an internal network device. Bitsadmin, a command-line tool, is often used to transfer files and can be exploited by malware for data exfiltration or unauthorized downloads.
This alert is triggered when an iSCSI authentication message with "AuthMethod=None" is detected from an internal device to an external network. This indicates that an iSCSI connection is being established with no authentication.
This alert is triggered when an iSCSI authentication message with "AuthMethod=None" is detected from an external network to an internal device. This indicates that an iSCSI connection is being established with no authentication.
This alert is triggered when a DNS query attempts to resolve a domain related to "ask.com".