outbound_rejected_traffic

Explanation

This NDM detects traffic attempting to leave the network that has been blocked or denied by network security policies. This event helps identify potential threats or policy violations that could compromise network security.

What to Look For

When reviewing the results of this event, it's important to examine the source and destination IP addresses, the protocol and port numbers used, and any accompanying information about the application or service attempting to transmit the traffic. Check for any compromised endpoints or malicious activity that could be triggering this event.
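
The review described above, as an added example that is not part of the original page or of any product's own code: it groups rejected outbound events by source host so that destinations, protocol/port pairs and applications can be examined together. The record field names, action labels, internal address ranges and sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the address ranges this network treats as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REJECT_ACTIONS = {"deny", "drop", "reject"}  # assumed action labels

# Constructed sample events (documentation address ranges), not real logs.
SAMPLE_EVENTS = [
    {"src": "10.0.4.17", "dst": "203.0.113.50", "proto": "tcp", "dport": 6667, "action": "deny", "app": "irc"},
    {"src": "10.0.4.17", "dst": "203.0.113.51", "proto": "tcp", "dport": 6667, "action": "deny", "app": "irc"},
    {"src": "10.0.4.17", "dst": "198.51.100.9", "proto": "tcp", "dport": 25, "action": "drop", "app": None},
    {"src": "10.0.7.22", "dst": "198.51.100.20", "proto": "udp", "dport": 53, "action": "deny", "app": "dns"},
    {"src": "10.0.7.22", "dst": "10.0.1.5", "proto": "tcp", "dport": 445, "action": "deny", "app": "smb"},
    {"src": "10.0.9.3", "dst": "198.51.100.80", "proto": "tcp", "dport": 443, "action": "allow", "app": "tls"},
    {"src": "192.0.2.10", "dst": "10.0.4.17", "proto": "tcp", "dport": 22, "action": "deny", "app": "ssh"},
]

def is_internal(addr):
    """True when the address falls inside one of the assumed internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def is_outbound(src, dst):
    """True when an internal source addresses an external destination."""
    return is_internal(src) and not is_internal(dst)

def summarize_rejected_outbound(events):
    """Group rejected outbound events by source host, busiest first."""
    per_src = defaultdict(lambda: {"count": 0, "dsts": set(), "services": set(), "apps": set()})
    for e in events:
        # Skip allowed traffic and anything that is not internal -> external.
        if e["action"] not in REJECT_ACTIONS or not is_outbound(e["src"], e["dst"]):
            continue
        entry = per_src[e["src"]]
        entry["count"] += 1
        entry["dsts"].add(e["dst"])
        entry["services"].add((e["proto"], e["dport"]))
        if e.get("app"):
            entry["apps"].add(e["app"])
    return sorted(per_src.items(), key=lambda kv: (-kv[1]["count"], kv[0]))

if __name__ == "__main__":
    for src, info in summarize_rejected_outbound(SAMPLE_EVENTS):
        print(src, info["count"], sorted(info["dsts"]), sorted(info["services"]), sorted(info["apps"]))
```

A source host near the top of the output with many distinct destinations or unexpected services is the first candidate for the endpoint check described above.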