Last 24 hours
Generated 2026-02-17 06:31:44 UTC
Alert Timeline
Alert Severity Breakdown
| Severity | Count | % |
|---|---|---|
| Critical | 247 | 1.9 |
| High | 1,834 | 14.3 |
| Medium | 6,482 | 50.4 |
| Low | 4,284 | 33.4 |
Top Firing Signatures
| SID | Signature | Sev | Hits | Sources | Targets |
|---|---|---|---|---|---|
| 2024897 | ET POLICY Possible External IP Lookup | Medium | 4,284 | 142 | 12 |
| 2028371 | ET MALWARE Win32/AgentTesla Exfiltration | Critical | 847 | 3 | 8 |
| 2024792 | ET INFO Observed DNS Query to .cloud TLD | Low | 3,847 | 234 | 847 |
| 2013028 | ET POLICY curl User-Agent Outbound | Medium | 2,847 | 47 | 234 |
| 2019401 | ET SCAN Potential SSH Scan | High | 1,284 | 8 | 142 |
| 2025862 | ET HUNTING Possible Cobalt Strike Beacon | Critical | 234 | 2 | 4 |
| 2010935 | ET POLICY Suspicious inbound to mySQL port 3306 | High | 847 | 12 | 6 |
| 2024364 | ET INFO Observed Let's Encrypt Certificate | Low | 2,472 | 198 | 534 |
| 2027865 | ET MALWARE Trickbot CnC Beacon | Critical | 142 | 1 | 3 |
| 2016150 | ET INFO Session Traversal Utilities for NAT | Low | 1,847 | 84 | 247 |
| 2019714 | ET POLICY Observed DNS Query for Dynamic DNS | Medium | 623 | 14 | 42 |
| 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | High | 384 | 8 | 12 |
| 2027757 | ET HUNTING DNS Query for Suspicious .top Domain | Medium | 284 | 12 | 84 |
| 2029340 | ET INFO TLS Handshake Failure | Low | 1,284 | 142 | 312 |
| 2021076 | ET EXPLOIT Possible CVE-2021-44228 Log4j Attempt | Critical | 42 | 6 | 18 |
Top Alerted Hosts
| Source IP | Alerts | Unique Sigs | Max Severity | First Seen | Last Seen |
|---|---|---|---|---|---|
| 10.1.8.50 | 2,847 | 18 | Critical | 2026-02-16T07:31:44 | 2026-02-17T06:31:44 |
| 10.169.112.51 | 1,847 | 12 | Critical | 2026-02-16T08:31:44 | 2026-02-17T05:31:44 |
| 10.1.8.13 | 1,284 | 9 | High | 2026-02-16T10:31:44 | 2026-02-17T06:31:44 |
| 10.6.19.21 | 847 | 7 | High | 2026-02-16T12:31:44 | 2026-02-17T04:31:44 |
| 10.1.12.100 | 623 | 6 | Medium | 2026-02-16T07:31:44 | 2026-02-17T05:31:44 |
| 172.16.4.10 | 472 | 5 | High | 2026-02-16T14:31:44 | 2026-02-17T03:31:44 |
| 10.169.111.12 | 384 | 4 | Medium | 2026-02-16T16:31:44 | 2026-02-17T04:31:44 |
| 10.1.8.22 | 247 | 3 | Medium | 2026-02-16T18:31:44 | 2026-02-17T02:31:44 |
| 10.1.8.77 | 184 | 3 | Low | 2026-02-16T20:31:44 | 2026-02-17T01:31:44 |
| 172.16.4.25 | 142 | 2 | Low | 2026-02-16T22:31:44 | 2026-02-17T00:31:44 |
MITRE ATT&CK Tactics
| Tactic ID | Tactic | Alerts | Sources | Unique Rules |
|---|---|---|---|---|
| TA0043 | Reconnaissance | 1,847 | 42 | 8 |
| TA0001 | Initial Access | 847 | 18 | 6 |
| TA0002 | Execution | 384 | 12 | 4 |
| TA0003 | Persistence | 247 | 8 | 3 |
| TA0011 | Command and Control | 623 | 6 | 5 |
| TA0010 | Exfiltration | 142 | 3 | 3 |
| TA0007 | Discovery | 1,284 | 34 | 7 |
| TA0040 | Impact | 84 | 2 | 2 |