| priority | status | Minutes_Since_Created | CaseType | title | Case_ID |
|---|---|---|---|---|---|
| Critical | New | 10792 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| Critical | Resolved | 118 | ThreatLinkMalware | 10.10.162.22 C2++Slingshot+APT Command and Control Activity | |
| Critical | Open | 94 | ThreatLinkMalware | Slingshot+APT execution detected on owiddison2d_wrkstn | |
| Critical | Resolved | 64 | ThreatLinkMalware | 10.10.160.37 C2++Slingshot+APT Command and Control Activity | |
| Critical | Resolved | 43 | ThreatLinkMalware | 10.10.160.47 C2++Slingshot+APT Command and Control Activity | |
| Critical | New | 19 | ThreatLinkMalware | Slingshot+APT execution detected on jscandrett5h_lptp | |
| Critical | New | 16 | ThreatLinkMalware | 10.10.160.60 C2++Slingshot+APT Command and Control Activity | |
| High | New | 11152 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 11032 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 10912 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 10735 | Metaflow | Metadata case for source | |
| High | New | 10672 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 10552 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 10432 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 10312 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 10192 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 10072 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 9952 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 9832 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 9712 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 9592 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 9472 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 9352 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 9295 | Metaflow | Metadata case for source | |
| High | New | 9232 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 9112 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 8992 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 8872 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 8752 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 8632 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 8512 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 8392 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 8272 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 8266 | Impossible Travel | jcourtint@vital.com is showing impossible travel | |
| High | New | 8152 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 8032 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 7912 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 7855 | Metaflow | Metadata case for source | |
| High | New | 7792 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 7672 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 7552 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 7432 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 7312 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 7192 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 7072 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 6952 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 6832 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 6712 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 6592 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 6472 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 6415 | Metaflow | Metadata case for source | |
| High | New | 6352 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 6232 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 6112 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 5992 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 5872 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 5752 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 5632 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 5512 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 5392 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 5272 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 5152 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 5032 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 4975 | Metaflow | Metadata case for source | |
| High | New | 4912 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 4792 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 4672 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 4552 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 4432 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 4312 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 4192 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 4072 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 3952 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 3832 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 3712 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 3592 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 3535 | Metaflow | Metadata case for source | |
| High | New | 3472 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 3352 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 3232 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 3112 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 2992 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 2872 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 2752 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 2632 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 2512 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 2392 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 2272 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 2152 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 2095 | Metaflow | Metadata case for source | |
| High | New | 2032 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 1912 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 1792 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 1672 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 1552 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 1432 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 1312 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 1192 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 1072 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 | |
| High | New | 952 | Log4J | Log4Shell - CVE-2021-44228 - Prod_Websrv_02 |

| alert_name | alert_count |
|---|---|
| SecIntSimultaneouslyLoginbyIP | 900 |
| SecIntSimultaneouslyLoginbyIPv2 | 800 |
| SecOpsLocalUserCreation_clonedv2 | 452 |
| SecOpsResetPasswordAttempt | 433 |
| SecOpsLocalUserCreation | 431 |
| SecOpsPossibleDnsEncodingQuery | 424 |
| Demo_SlingshotAPT_EDRAlert | 345 |
| SecIntSimultaneouslyLoginbyUser | 322 |
| Demo_SlingshotAPT_IDSAlert | 320 |
| Malicious_IP | 257 |

| alert_name | case_count | total_time_seen_in_a_case |
|---|---|---|
| SecOpsResetPasswordAttempt | 439 | 439 |
| SecOpsLocalUserCreation | 435 | 435 |
| SecOpsPossibleDnsEncodingQuery | 331 | 427 |
| Demo_SlingshotAPT_IDSAlert | 297 | 325 |
| Demo_SlingshotAPT_EDRAlert | 270 | 350 |
| SecOpsLoginFailCombinedSuccessed | 199 | 219 |
| SecOpsFailLogOn | 187 | 202 |
| SecOpsCDHuntFWSrcIpIsPossibleIoc | 144 | 168 |
| Malicious_IP | 105 | 259 |
| SecOpsLocalUserCreation_clonedv2 | 99 | 457 |

| chart_name | value |
|---|---|
| Status | Closed |
| Closed Count | 2877 |
| Median Minutes to Close | 95.53 |
| Average Minutes to Close | 104.05 |
| Standard Deviation of Average Minutes to Close | 47.03 |
| Fastest Case Closure | 30.47 |
| Slowest Case Closure | 405.77 |
| 80% of Cases closed in less than: | 138.48 |
| 95% of Cases closed in less than: | 189.75 |

| status | avg_Time_In_Status | min_Time_In_Status | max_Time_In_Status |
|---|---|---|---|
| New | 5504.11 | 16.27 | 11152.82 |
| Medium | 115.24 | 12.53 | 296.5 |
| High | 134.82 | 0.01 | 3278.67 |
| Low | 7.42 | 5.97 | 8.87 |
| Critical | 5.52 | 5.52 | 5.52 |
| Open | 38.57 | 10.24 | 221.61 |
| Closed | 0.32 | 0.01 | 49.98 |
| Resolved | 0.76 | 0.01 | 99.97 |