Reasons
- Detected activity is limited to a small number of firewall scenarios.
- Escalated reputation based on attacks within a short window.
- Observed on a single node, indicating non-distributed activity at the time of detection.
MITRE ATT&CK Mappings
- Tactics: Initial Access
- Techniques: T1190
Evidence
- Nodes observed: 1
- Severity: HIGH
- TTL remaining: 21h 46m