Live Alerts

CRITICAL: Ransomware beacon detected on PROD-DB-04 — T1486 Data Encrypted
HIGH: Brute force SSH attempt from 185.220.101.47 — 2,847 attempts in 5 min
HIGH: Lateral movement detected CORP-WS-112 → CORP-WS-089 via SMB
MEDIUM: Unusual PowerShell execution on CORP-WS-055 — T1059.001
CRITICAL: C2 beacon to 91.92.251.103:443 from CORP-WS-034 — TA0011

Network Activity Monitor

Live · Sensor: NET-SENSOR-CORE-01 · Interface: eth0 · 10Gbps

Inbound Traffic: 4.70 Gbps · Peak: 7.4 Gbps at 14:22 · ↑ 23% vs baseline

Outbound Traffic: 1.37 Gbps · Normal range: 0.8–2.1 Gbps · ↑ 8% vs baseline

Active Connections: 14,823 (live) · 312 flagged suspicious · ↑ 1,204 in last 5 min

Anomaly Score: 73 / 100 · Threshold: 60 · Status: ALERT · ↑ 18 pts — elevated

Blocked Threats: 2,841 today · 847 unique source IPs · ↑ 347 in last hour

Bandwidth Utilization

[Chart: last 60 minutes · 5-min intervals · Gbps · series: Inbound, Outbound]

Protocol Distribution

By traffic volume %

HTTPS/TLS: 62.4%
HTTP: 12.8%
DNS: 8.3%
SMB: 6.1%
SSH: 4.7%
Other: 5.7%

Active Connections

6 flagged

Source IP | Src Port | Destination IP | Dst Port | Protocol | Bytes | Duration | Geo | Risk Score | Status
10.0.1.55 | 54821 | 91.92.251.103 | 443 | HTTPS | 14.2 MB | 00:12:44 | 🇷🇺 Moscow, RU | 94 | Suspicious
10.0.2.34 | 49234 | 185.220.101.47 | 22 | SSH | 2.1 KB | 00:00:08 | 🇩🇪 Frankfurt, DE | 87 | Blocked
10.0.1.112 | 63441 | 172.217.14.46 | 443 | HTTPS | 847 KB | 00:04:12 | 🇺🇸 Mountain View, US | 12 | Normal
10.0.3.78 | 51023 | 8.8.8.8 | 53 | DNS | 4.8 KB | 00:00:01 | 🇺🇸 Anycast, US | 8 | Normal
10.0.1.23 | 44129 | 45.142.212.100 | 443 | HTTPS | 3.4 MB | 00:07:33 | 🇳🇱 Amsterdam, NL | 78 | Suspicious
10.0.2.89 | 52881 | 10.0.1.15 | 445 | SMB | 128 MB | 00:22:11 | 🏠 Internal | 82 | Suspicious
10.0.1.34 | 48823 | 104.21.4.147 | 443 | HTTPS | 1.2 MB | 00:02:44 | 🇺🇸 San Francisco, US | 18 | Normal
10.0.4.11 | 57443 | 193.32.162.48 | 80 | HTTP | 88 KB | 00:00:34 | 🇷🇺 St. Petersburg, RU | 61 | Suspicious
10.0.2.67 | 43201 | 151.101.1.140 | 443 | HTTPS | 3.8 MB | 00:09:02 | 🇺🇸 Fastly CDN, US | 5 | Normal
10.0.1.88 | 60012 | 77.88.21.3 | 443 | HTTPS | 22 MB | 00:31:08 | 🇷🇺 Moscow, RU | 91 | Suspicious

Showing 10 of 10 connections · 14,823 total active

Anomaly / IDS Alerts

4 new

critical · 14:51:08 · Data Exfiltration · ET-EXFIL-2847
Unusual outbound volume from 10.0.1.55 → 91.92.251.103. 14.2 MB in 12 min.
Risk: 94

critical · 14:49:33 · Port Scan Detected · ET-SCAN-0044
185.220.101.47 scanned 4,200 ports in 8 seconds from external.
Risk: 91

high · 14:47:22 · SMB Lateral Movement · ET-LATERAL-1192
Internal SMB traffic spike: 10.0.2.89 → 10.0.1.15. 128 MB transferred.
Risk: 82

high · 14:45:11 · DNS Tunneling · ET-DNS-TUNNEL-0018
High-entropy DNS TXT queries from 10.0.1.23. Avg query length: 187 chars.
Risk: 78 · Acknowledged

medium · 14:42:58 · Beaconing Pattern · ET-C2-BEACON-0337
Regular 300s interval connections from 10.0.1.88 → 77.88.21.3:443.
Risk: 61

Firewall Event Log

Last 500 events
Time | Rule ID | Action | Source IP | Src Port | Dest IP | Dst Port | Proto | Reason | Hit Count
14:51:14 | FW-DENY-4821 | DENY | 🇩🇪 185.220.101.47 | | 10.0.1.15 | 22 | TCP | Blacklisted IP — TOR Exit Node | 2,847
14:51:09 | FW-DENY-3301 | DENY | 🇷🇺 91.92.251.103 | | 10.0.0.1 | 3389 | TCP | RDP from external — policy violation | 14
14:50:58 | FW-ALLOW-0012 | ALLOW | 🇺🇸 10.0.1.55 | 54821 | 172.217.14.46 | 443 | TCP | Outbound HTTPS — corporate policy | 1
14:50:44 | FW-DROP-9182 | DROP | 🇳🇱 45.142.212.100 | | 10.0.2.0/24 | 445 | TCP | External SMB attempt — blocked | 388
14:50:31 | FW-DENY-7744 | DENY | 🇷🇺 193.32.162.48 | | 10.0.1.88 | 80 | TCP | Known C2 infrastructure IP | 72
14:50:18 | FW-ALLOW-0008 | ALLOW | 🇺🇸 10.0.3.22 | 49821 | 8.8.8.8 | 53 | UDP | DNS resolution — allowed | 1
14:50:02 | FW-DROP-6612 | DROP | 🇷🇺 77.88.21.3 | | 10.0.0.0/8 | 4444 | TCP | Metasploit default port — blocked | 19
14:49:47 | FW-DENY-2291 | DENY | 🇨🇳 103.27.124.88 | | 10.0.1.1 | 161 | UDP | SNMP from untrusted zone | 44
8 events shown · 6 blocked · 2 allowed