
Incident Report

Organization: Super/Global
User Notes: (none)

Incident: 933148

Incident ID: 933148
Incident Title: Traffic from FortiGuard Malware IP 172.104.227.98 to Reporting Device 172.16.10.213
Event Name: Permitted Traffic from FortiGuard Malware IP List
Event Type: PH_RULE_FROM_FORTIGUARD_MALWARE_IP
Event Severity: HIGH (9)
Incident Category: Security
Incident Subcategory: Exfiltration
Attack Tactic: Exfiltration
Attack Technique: Exfiltration Over C2 Channel (T1041)
Incident First Occurrence Time: May 27 2023, 01:05:30 AM
Incident Last Occurrence Time: May 28 2023, 03:32:30 AM
Incident Reporting Device: PORTAL-FRONT.dgpad.org
Incident Reporting IP: 172.16.10.213
Incident Source: srcIpAddr:172.104.227.98
Incident Target: destIpAddr:172.16.10.213
Incident Status: Active
Incident Resolution: Open
Incident View Status: Read
Incident Ticket Status: New
Incident Ticket ID: 339194071
Organization Name: UNGRD
Count: 6

Fields left blank in the report: Incident Detail, Business Service Name, Incident Cleared Time, Incident Cleared Reason, Incident Cleared User, Incident Comments, Incident Ticket User, Incident Notification Recipients, Incident Notification Status, Incident Impacts, Incident Externally Assigned User, Incident Externally Cleared Time, Incident Externally Resolution Time, Incident External Ticket ID, Incident External Ticket State, Incident External Ticket Type, Raw Event Log, Incident Approved Status, Incident Tag Name.

Table with columns IP Address, Host Name, Organization ID, Country, State, City, Region, Building, Floor: no rows.

Total Number Records: 6

Page 1 of 2 Generated By May 28 2023, 04:29:24 AM


Event records (columns: Rank, Event Receive Time, Reporting IP, Event Type, Event Name, Source IP, Destination IP, IP Protocol, Source TCP/UDP Port, Destination TCP/UDP Port). IP Protocol and Source TCP/UDP Port are blank for every record.

Rank: 1
Event Receive Time: May 28 2023, 03:31:10 AM
Reporting IP: 172.16.10.213
Event Type: AO-WUA-IIS-Web-Request-Success
Event Name: Web request successful
Source IP: 172.104.227.98
Destination IP: 172.16.10.213
Destination TCP/UDP Port: 443
Raw Event:
2023-05-28T08:31:06Z PORTAL-FRONT.dgpad.org 172.16.10.213 AccelOps-WUA-IIS [phCustId]="2001" [customer]="UNGRD" [monitorStatus]="Success" [Locale]="es-CO" [MachineGuid]="ac9b7265-1c0f-43d3-828d-87d59da461b5" [timeZone]="-0500" [date]="2023-05-28" [time]="08:30:24" [s-ip]="172.16.10.213" [cs-method]="HEAD" [cs-uri-stem]="/Paginas/inicio.aspx" [cs-uri-query]="-" [s-port]="443" [cs-username]="-" [c-ip]="172.104.227.98" [cs(User-Agent)]="Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+12_6)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36+Edg/106.0.1370.34" [cs(Referer)]="-" [sc-status]="200" [sc-substatus]="0" [sc-win32-status]="0" [time-taken]="312" [site]="Portal UNGRD - 80" [format]="W3C"

Rank: 2
Event Receive Time: May 27 2023, 01:10:04 PM
Reporting IP: 172.16.10.213
Event Type: AO-WUA-IIS-Web-Request-Success
Event Name: Web request successful
Source IP: 172.104.227.98
Destination IP: 172.16.10.213
Destination TCP/UDP Port: 443
Raw Event:
2023-05-27T18:09:59Z PORTAL-FRONT.dgpad.org 172.16.10.213 AccelOps-WUA-IIS [phCustId]="2001" [customer]="UNGRD" [monitorStatus]="Success" [Locale]="es-CO" [MachineGuid]="ac9b7265-1c0f-43d3-828d-87d59da461b5" [timeZone]="-0500" [date]="2023-05-27" [time]="18:09:52" [s-ip]="172.16.10.213" [cs-method]="HEAD" [cs-uri-stem]="/Paginas/inicio.aspx" [cs-uri-query]="-" [s-port]="443" [cs-username]="-" [c-ip]="172.104.227.98" [cs(User-Agent)]="Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36" [cs(Referer)]="-" [sc-status]="200" [sc-substatus]="0" [sc-win32-status]="0" [time-taken]="312" [site]="Portal UNGRD - 80" [format]="W3C"

Rank: 3
Event Receive Time: May 27 2023, 12:55:39 PM
Reporting IP: 172.16.10.213
Event Type: AO-WUA-IIS-Web-Request-Success
Event Name: Web request successful
Source IP: 172.104.227.98
Destination IP: 172.16.10.213
Destination TCP/UDP Port: 443
Raw Event:
2023-05-27T17:55:38Z PORTAL-FRONT.dgpad.org 172.16.10.213 AccelOps-WUA-IIS [phCustId]="2001" [customer]="UNGRD" [monitorStatus]="Success" [Locale]="es-CO" [MachineGuid]="ac9b7265-1c0f-43d3-828d-87d59da461b5" [timeZone]="-0500" [date]="2023-05-27" [time]="17:55:19" [s-ip]="172.16.10.213" [cs-method]="HEAD" [cs-uri-stem]="/Paginas/inicio.aspx" [cs-uri-query]="-" [s-port]="443" [cs-username]="-" [c-ip]="172.104.227.98" [cs(User-Agent)]="Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36" [cs(Referer)]="-" [sc-status]="200" [sc-substatus]="0" [sc-win32-status]="0" [time-taken]="312" [site]="Portal UNGRD - 80" [format]="W3C"

Rank: 4
Event Receive Time: May 27 2023, 09:39:15 AM
Reporting IP: 172.16.10.213
Event Type: AO-WUA-IIS-Web-Request-Success
Event Name: Web request successful
Source IP: 172.104.227.98
Destination IP: 172.16.10.213
Destination TCP/UDP Port: 443
Raw Event:
2023-05-27T14:39:13Z PORTAL-FRONT.dgpad.org 172.16.10.213 AccelOps-WUA-IIS [phCustId]="2001" [customer]="UNGRD" [monitorStatus]="Success" [Locale]="es-CO" [MachineGuid]="ac9b7265-1c0f-43d3-828d-87d59da461b5" [timeZone]="-0500" [date]="2023-05-27" [time]="14:38:52" [s-ip]="172.16.10.213" [cs-method]="HEAD" [cs-uri-stem]="/Paginas/inicio.aspx" [cs-uri-query]="-" [s-port]="443" [cs-username]="-" [c-ip]="172.104.227.98" [cs(User-Agent)]="Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36" [cs(Referer)]="-" [sc-status]="200" [sc-substatus]="0" [sc-win32-status]="0" [time-taken]="312" [site]="Portal UNGRD - 80" [format]="W3C"

Rank: 5
Event Receive Time: May 27 2023, 05:58:03 AM
Reporting IP: 172.16.10.213
Event Type: AO-WUA-IIS-Web-Request-Success
Event Name: Web request successful
Source IP: 172.104.227.98
Destination IP: 172.16.10.213
Destination TCP/UDP Port: 443
Raw Event:
2023-05-27T10:57:57Z PORTAL-FRONT.dgpad.org 172.16.10.213 AccelOps-WUA-IIS [phCustId]="2001" [customer]="UNGRD" [monitorStatus]="Success" [Locale]="es-CO" [MachineGuid]="ac9b7265-1c0f-43d3-828d-87d59da461b5" [timeZone]="-0500" [date]="2023-05-27" [time]="10:56:51" [s-ip]="172.16.10.213" [cs-method]="HEAD" [cs-uri-stem]="/Paginas/inicio.aspx" [cs-uri-query]="-" [s-port]="443" [cs-username]="-" [c-ip]="172.104.227.98" [cs(User-Agent)]="Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+12.6;+rv:105.0)+Gecko/20100101+Firefox/105.0" [cs(Referer)]="-" [sc-status]="200" [sc-substatus]="0" [sc-win32-status]="0" [time-taken]="297" [site]="Portal UNGRD - 80"

Rank: 6
Event Receive Time: May 27 2023, 12:56:49 AM
Reporting IP: 172.16.10.213
Event Type: AO-WUA-IIS-Web-Request-Success
Event Name: Web request successful
Source IP: 172.104.227.98
Destination IP: 172.16.10.213
Destination TCP/UDP Port: 443
Raw Event:
2023-05-27T05:56:44Z PORTAL-FRONT.dgpad.org 172.16.10.213 AccelOps-WUA-IIS [phCustId]="2001" [customer]="UNGRD" [monitorStatus]="Success" [Locale]="es-CO" [MachineGuid]="ac9b7265-1c0f-43d3-828d-87d59da461b5" [timeZone]="-0500" [date]="2023-05-27" [time]="05:54:17" [s-ip]="172.16.10.213" [cs-method]="HEAD" [cs-uri-stem]="/Paginas/inicio.aspx" [cs-uri-query]="-" [s-port]="443" [cs-username]="-" [c-ip]="172.104.227.98" [cs(User-Agent)]="Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+12_6)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36+Edg/106.0.1370.34" [cs(Referer)]="-" [sc-status]="200" [sc-substatus]="0" [sc-win32-status]="0" [time-taken]="296" [site]="Portal UNGRD - 80" [format]="W3C"
