LIVE
CRITICAL: Ransomware beacon detected on PROD-DB-04 — T1486 Data Encrypted
HIGH: Brute force SSH attempt from 185.220.101.47 — 2,847 attempts in 5 min
HIGH: Lateral movement detected CORP-WS-112 → CORP-WS-089 via SMB
MEDIUM: Unusual PowerShell execution on CORP-WS-055 — T1059.001
CRITICAL: C2 beacon to 91.92.251.103:443 from CORP-WS-034 — TA0011

Unified Security Operations

Live · Last refresh: 14:51:16 UTC · Shift: Day (08:00–20:00)

23 unresolved

Critical Alert Queue

5 escalated · 18 new

+7 in last hour

11 open

Active Incidents

3 crit · 5 high · 3 med

3 critical severity

4.2 min avg

MTTD

Target: <5 min

↓ 0.8 min vs yesterday

38 min avg

MTTR

Target: <30 min

↑ 6 min vs yesterday

94.7%

IOC Hit Rate

1,247 IOCs matched today

↑ 2.1% vs last week

87.3%

Asset Coverage

342 / 392 assets active

43 assets unmonitored

Live Cyber Attack Map

7 active flows

Live Threat Feed

critical · 14:51:02

Ransomware C2 Beacon

PROD-DB-04 → 91.92.251.103:443

T1486 · Impact · 🇷🇺 LockBit 3.0

critical · 14:50:44

Credential Dumping Detected

LSASS memory access on CORP-DC-01

T1003.001 · Credential Access · 🇷🇺 APT29

high · 14:49:18

SSH Brute Force Attack

185.220.101.47 → 10.0.1.15:22

T1110 · Credential Access · 🇩🇪 Unknown

critical · 14:48:33

Lateral Movement via SMB

CORP-WS-112 → CORP-WS-089 PsExec

T1021.002 · Lateral Movement · 🇨🇳 APT41

high · 14:47:55

Malicious PowerShell Exec

Encoded command CORP-WS-055

T1059.001 · Execution · 🇺🇸 Unknown

medium · 14:46:21

DNS Tunneling Suspected

High-entropy TXT queries from CORP-WS-023

T1071.004 · C2 · 🇨🇳 Unknown

high · 14:45:09

Privilege Escalation

Token impersonation on CORP-SRV-08

T1134 · Priv Esc · 🇰🇵 Lazarus

medium · 14:44:47

Suspicious Reg Modification

HKLM\Run key modified CORP-WS-077

T1547.001 · Persistence · 🇮🇷 Unknown

Alert Volume by Severity

Last 24 hours · 2-hour intervals

Critical · High · Medium

Attack Origin Countries

Total attacks attributed today

2,619 total

Active Incidents

8 open
| Incident ID | Title | Threat Actor | Affected Asset | MITRE | Severity | Status | Assignee | SLA Left |
|---|---|---|---|---|---|---|---|---|
| INC-2024-0846 | Credential Dumping via LSASS | 🇷🇺 APT29 | CORP-DC-01 | T1003.001 | critical | Open | M. Osei | 8m |
| INC-2024-0847 | Ransomware Deployment Attempt | 🇷🇺 LockBit 3.0 | PROD-DB-04 | T1486 | critical | Investigating | K. Larsen | 12m |
| INC-2024-0845 | Lateral Movement via SMB | 🇨🇳 APT41 | CORP-WS-112 | T1021.002 | critical | Investigating | S. Nakamura | 24m |
| INC-2024-0844 | Malicious PowerShell Execution | 🇺🇸 Unknown TA | CORP-WS-055 | T1059.001 | high | Investigating | K. Larsen | 47m |
| INC-2024-0842 | Privilege Escalation — Token Impersonation | 🇰🇵 Lazarus Group | CORP-SRV-08 | T1134 | high | Open | M. Osei | 1h 5m |
| INC-2024-0843 | DNS Tunneling Activity | 🇨🇳 Unknown TA | CORP-WS-023 | T1071.004 | high | Contained | R. Patel | 1h 28m |
| INC-2024-0841 | Registry Run Key Persistence | 🇮🇷 Unknown TA | CORP-WS-077 | T1547.001 | medium | Investigating | S. Nakamura | 2h 20m |
| INC-2024-0840 | SSH Brute Force Campaign | 🇩🇪 Unknown TA | 10.0.1.15 | T1110 | medium | Contained | R. Patel | 3h 40m |

Showing 8 of 8 incidents

System Health

7/8 operational

SIEM Engine

48.2K/s

Operational
12ms

EDR Platform

312 agents

Operational
8ms

Firewall Cluster

2.1M rules

Degraded
94ms

IDS/IPS Engine

98.7% uptime

Operational
6ms

Threat Intel Feed

1.4M IOCs

Operational

SOAR Playbooks

47 active

Operational
22ms

Vuln Scanner

342 assets

Scanning

Log Aggregator

12.8 TB/day

Operational
3ms
Overall health
87.5%