iSID Analyst Knowledge Base

Definitions and additional context on iSID alerts, along with helpful recommendations

NF – Bad TLD domain – ga DNS query – Check domains

This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .download, a top-level domain sometimes linked to phishing activity.

NF – Bad TLD domain – top DNS query – Check domains

This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .top, a top-level domain sometimes linked to phishing activity.

SMTP_B64_DECODING_FAILED

This alert is triggered when an SMTP (email) message fails Base64 decoding. This may indicate a malformed or potentially suspicious email, possibly one attempting to bypass security filters.

NF – Bad TLD domain – email DNS query – Check domains

This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .email, a top-level domain sometimes linked to phishing activity.

NF – Bad TLD domain – solutions DNS query – Check domains

This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .solutions, a top-level domain sometimes linked to phishing activity.