
Daily reports Postilion

Alarms - A05W063 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A05W063

Alarms - A05L020 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A05L020

Alarms - A05W067 from: 2018-06-06 to: 2018-06-06

Alarm Risk Source Destination


Environmental Awareness - Suspicious Behaviour - Account Lockout (1 events) 2 A05W067 A05W067
Environmental Awareness - Suspicious Behaviour - Account Lockout (1 events) 2 A05W067 A05W067

Alarms - A05W068 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A05W068

Alarms - A05W069 from: 2018-06-06 to: 2018-06-06

Alarm Risk Source Destination


Delivery & Attack - Bruteforce Authentication - SSH (116 events) 1 A05W069 A05L018
Delivery & Attack - Bruteforce Authentication - Linux/Unix (57 events) 1 A05W069 A05L018
Delivery & Attack - Bruteforce Authentication - SSH (116 events) 1 A05W069 A05L016
Delivery & Attack - Bruteforce Authentication - SSH (116 events) 1 A05W069 A05L019
Delivery & Attack - Bruteforce Authentication - Linux/Unix (58 events) 1 A05W069 A05L019

Alarms - A05W070 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A05W070

Alarms - A05L015 from: 2018-06-06 to: 2018-06-06

Alarm Risk Source Destination


Delivery & Attack - Bruteforce Authentication - SSH (116 events) 1 A05W069 A05L015
Delivery & Attack - Bruteforce Authentication - Linux/Unix (57 events) 1 A05W069 A05L015

Alarms - A05L016 from: 2018-06-06 to: 2018-06-06

User: admin / 2018-06-07 07:19:33 Page 1 / 7



Alarm Risk Source Destination


Delivery & Attack - Bruteforce Authentication - SSH (116 events) 1 A05W069 A05L016
Delivery & Attack - Bruteforce Authentication - Linux/Unix (57 events) 1 0.0.0.0 A05L016

Alarms - A05L017 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A05L017

Alarms - A05L019 from: 2018-06-06 to: 2018-06-06

Alarm Risk Source Destination


Delivery & Attack - Bruteforce Authentication - SSH (116 events) 1 A05W069 A05L019
Delivery & Attack - Bruteforce Authentication - Linux/Unix (58 events) 1 A05W069 A05L019

Alarms - a03l020 from: 2018-06-06 to: 2018-06-06

No Alarms Found for a03l020

Alarms - A05W065 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A05W065

Alarms - I05W002 from: 2018-06-06 to: 2018-06-06

No Alarms Found for I05W002

Alarms - I05L001 from: 2018-06-06 to: 2018-06-06

No Alarms Found for I05L001

Alarms - I05L002 from: 2018-06-06 to: 2018-06-06

No Alarms Found for I05L002

Alarms - I05L000 from: 2018-06-06 to: 2018-06-06

No Alarms Found for I05L000

Alarms - I05W003 from: 2018-06-06 to: 2018-06-06


No Alarms Found for I05W003

Alarms - A01W031 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A01W031

Alarms - A01W024 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A01W024

Alarms - A00W195 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A00W195

Alarms - I05W001 from: 2018-06-06 to: 2018-06-06

No Alarms Found for I05W001

Alarms - A05W060 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A05W060

Alarms - A05W061 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A05W061

Alarms - A05W062 from: 2018-06-06 to: 2018-06-06

No Alarms Found for A05W062

Alarm events - Alarm events. Last 25 Events: from: 2018-06-06 to: 2018-06-06

Event Name Date GMT+2:00 Source Destination Risk


directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.23 2018-06-06 23:22:40 A05W069:11578 A05L018:22
directive_event: AV Bruteforce attack, login authentication attack against 10.20.20.23 2018-06-06 23:22:31 A05W069 A05L018
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.23 2018-06-06 23:22:29 A05W069:11423 A05L018:22
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.23 2018-06-06 23:22:14 A05W069:11358 A05L018:22
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.20 2018-06-06 23:19:57 A05W069:8697 A05L016:22
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.22 2018-06-06 23:19:49 A05W069:8526 A05L019:22
directive_event: AV Bruteforce attack, login authentication attack against 10.20.20.20 2018-06-06 23:19:46 0.0.0.0 A05L016
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.20 2018-06-06 23:19:43 A05W069:8323 A05L016:22
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.20 2018-06-06 23:19:38 A05W069:7988 A05L016:22
directive_event: AV Bruteforce attack, login authentication attack against 10.20.20.22 2018-06-06 23:19:38 A05W069 A05L019
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.22 2018-06-06 23:19:34 A05W069:7946 A05L019:22
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.22 2018-06-06 23:19:28 A05W069:7878 A05L019:22
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.19 2018-06-06 23:19:22 A05W069:7839 A05L015:22
directive_event: AV Bruteforce attack, login authentication attack against 10.20.20.19 2018-06-06 23:19:12 A05W069 A05L015
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.19 2018-06-06 23:19:08 A05W069:7713 A05L015:22
directive_event: AV Bruteforce attack, SSH service authentication attack against 10.20.20.19 2018-06-06 23:18:59 A05W069:7646 A05L015:22
AlienVault HIDS: SSH insecure connection attempt (scan). 2018-06-06 18:07:40 192.168.116.11 I05L002
AlienVault HIDS: SSH insecure connection attempt (scan). 2018-06-06 18:02:40 192.168.116.11 I05L002
AlienVault HIDS: SSH insecure connection attempt (scan). 2018-06-06 17:57:40 192.168.116.11 I05L002
AlienVault HIDS: SSH insecure connection attempt (scan). 2018-06-06 17:52:41 192.168.116.11 I05L002
AlienVault HIDS: SSH insecure connection attempt (scan). 2018-06-06 17:47:37 192.168.116.11 I05L002
AlienVault HIDS: SSH insecure connection attempt (scan). 2018-06-06 17:42:45 192.168.116.11 I05L002
AlienVault HIDS: SSH insecure connection attempt (scan). 2018-06-06 17:37:46 192.168.116.11 I05L002
AlienVault HIDS: SSH insecure connection attempt (scan). 2018-06-06 17:32:44 192.168.116.11 I05L002
AlienVault HIDS: SSH insecure connection attempt (scan). 2018-06-06 17:27:40 192.168.116.11 I05L002


Logins - Logins. Last 25 Events: from: 2018-06-06 to: 2018-06-06

Date GMT+2:00 Event Name Device IP Username Source Dest.
2018-06-06 22:54:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 UCS_Admin A00W195 A03L012:49
2018-06-06 22:54:55 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 UCS_Admin A00W195 A03L012:49
2018-06-06 22:52:59 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:52:59 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:52:59 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:52:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 UCS_Admin A00W195 A03L012:49
2018-06-06 22:52:56 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 UCS_Admin A00W195 A03L012:49
2018-06-06 22:52:33 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:52:33 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:52:32 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:51:01 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 UCS_Admin A00W195 A03L012:49
2018-06-06 22:50:59 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 UCS_Admin A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 UCS_Admin A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:57 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 s-winds2 A00W195 A03L012:49
2018-06-06 22:50:56 PassedAuth: Cisco ACS passed authentications. 192.168.110.20 UCS_Admin A00W195 A03L012:49

Cleartext - Cleartext. Last 25 Events: from: 2018-06-06 to: 2018-06-06

No data available


FTP Failed Logons - FTP Failed Logons. Last 25 Events: from: 2018-06-06 to: 2018-06-06

No data available

PCI - Protect Stored Data - Database Succesful Logins. Last 25 Events: from: 2018-06-06 to: 2018-06-06

Event Name Date GMT+2:00 Source Destination Risk


AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:59 A05W061 A05W061
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:58 A05W061 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:46 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:42 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:42 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:34 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:34 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:34 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:34 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:34 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:34 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:34 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:34 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:10 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:10 I05W001 I05W001
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W061 A05W061
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W061 A05W061
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W061 A05W061
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W061 A05W061
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W061 A05W061


AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W062 A05W062
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W062 A05W062
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W062 A05W062
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W062 A05W062
AlienVault HIDS: MS SQL Server Logon Success. 2018-06-06 18:00:05 A05W062 A05W062
Success.

Custom Security Events - Windows User Logons. Last 25 Events: from: 2018-06-06 to: 2018-06-06

No data available
