high no. of deny firewall connections from same source outbound

Outbound  suspicious conditon

1. Bot installed in system

2. Malware installed give control to attacker and IP is blocked in firewall 

3. Some team is running new application Ann it's trying to connect but ip is blocked in firewall

Attribute :-  high no. of deny firewall connections from same source outbound

Outbound filter

Aggregation