THREAT PREVENTION

Report
Sep 4, 2023 12:00 AM - Sep 8, 2023 2:39 PM
General Activity

Top Protections

| Protection Type | Severity | Logs |
|---|---|---|
| IPS | Critical | 13 |
| DNS Reputation | High | 6 |
| DNS Trap | Critical | 1 |

Top Malware Activities

| Malware Action | Logs |
|---|---|
| DNS query for a C&C site | 4 |
| DNS query for a site known to contain malware | 2 |
| Communication with C&C site | 1 |

Active Blades

[Chart: IPS, Anti-Bot, Anti-Virus; axis 0 to 13]

Malware Activity

[Chart: malware activity by severity (Critical, High, Medium), Mon 4 to Fri 8; vertical axis 0 to 10]

Hosts

Top Hosts by No. of Incidents

[Chart by severity (Critical, High, Medium); axis 0 to 3. Hosts shown: 10.10.150.103, 10.23.0.2, 10.23.0.103, 10.10.200.10, 10.23.0.100, 10.23.0.101, 172.16.10.84, 172.16.10.102]

Top Hosts by Severity

| Source | Severity | Blade | Protection Name | Protection Type | Action |
|---|---|---|---|---|---|
| 10.10.150.103 | Critical | IPS | Nmap Scripting Engine Scanner Over HTT…; Microsoft SMB NTLM Authentication Lack…; Shodan Scanner SIP Request | IPS | Detect |
| 10.23.0.101 | Critical | Anti-Bot | AdSense.TC.5beaWRAL | DNS Reputation; DNS Trap | Prevent; Detect |
| 10.23.0.103 | Critical | IPS | Cross-Site Scripting Obfuscation Techniq…; Cross-Site Scripting Scanning Attempt | IPS | Detect |
| 10.23.0.100 | Critical | IPS | Nmap Scripting Engine Scanner Over HTTP Request | IPS | Detect |
| 172.16.10.84 | Critical | IPS | Nmap Scripting Engine Scanner Over HTTP Request | IPS | Detect |
| 10.10.200.10 | High | IPS | Squid HTTP Version Number Parsing Denial of Service | IPS | Detect |

Malwares

Top Actions by Malware

[Chart: DNS query for a site known to contain malware; Communication with C&C site; DNS query for a C&C site; axis 0 to 2]

Top Actions by Malware

| Malware Action | Protection Name | Source | Logs |
|---|---|---|---|
| DNS query for a site known to contain malware | 2 Protections | 1 Source | 2 |
| Communication with C&C site | 1 Protection | 1 Source | 1 |
| DNS query for a C&C site | 1 Protection | 1 Source | 4 |

Severe Incidents

Hosts With Severe Incidents By Blade

| Blade | Source | Severity | Protection Type | Protection Name | Malware Action | Logs |
|---|---|---|---|---|---|---|
| IPS | 10.10.150.103 | Critical | IPS | Nmap Scripting Engine Scanner O…; Microsoft SMB NTLM Authentica…; Shodan Scanner SIP Request | | 7 |
| IPS | 10.23.0.103 | Critical | IPS | Cross-Site Scripting Obfuscation…; Cross-Site Scripting Scanning Att… | | 2 |
| IPS | 10.23.0.100 | Critical | IPS | Nmap Scripting Engine Scanner Over HTTP Request | | 1 |
| IPS | 172.16.10.84 | Critical | IPS | Nmap Scripting Engine Scanner Over HTTP Request | | 1 |
| IPS | 10.10.200.10 | High | IPS | Squid HTTP Version Number Parsing Denial of Service | | 1 |
| IPS | 172.16.10.102 | High | IPS | HTTP Suspicious Windows Paths | | 1 |
| IPS | Total: 6 Sources | Critical | 1 Protection Type | 7 Protections | 0 Actions | 13 |
| Anti-Bot | 10.23.0.101 | Critical | DNS Reputation; DNS Trap | AdSense.TC.5beaWRAL | DNS query for a C&C site; Communication with C&C site | 5 |
| Anti-Bot | Total: 1 Source | Critical | 2 Protection Types | 1 Protection | 2 Actions | 5 |

Malicious Activity

Top Malware Activity and Sources by Severity

| Malware Action | Source | Severity | Action | Logs |
|---|---|---|---|---|
| Communication with C&C site | 10.23.0.101 | Critical | Prevent | 1 |
| | Total: 1 Source | Critical | 1 Action | 1 |
| DNS query for a C&C site | 10.23.0.101 | High | Detect; Prevent | 4 |
| | Total: 1 Source | High | 2 Actions | 4 |
| DNS query for a site known to contain malware | 10.23.0.2 | Medium | Detect | 2 |
| | Total: 1 Source | Medium | 1 Action | 2 |

Countries

Top Destination Countries by Protections

| Destination Country | Protection Name | Severity | Source | Logs |
|---|---|---|---|---|
| United States | 3 Protections | High | 2 Sources | 6 |
| Israel | 1 Protection | Critical | 1 Source | 1 |

Map

Top Countries by No. of Incidents
