Security Incident
SIR0010006
Description
The EC2 instance 106.75.233.77 is performing SSH brute force attacks against i-0d45821083a7ad8ff. Brute force attacks are used to gain unauthorized access to your instance by guessing the SSH password.
Activities: 5
System, Automation activity, 2024-03-01 17:23:21 (13d ago)

System, Automation activity, 2024-03-01 17:22:50 (13d ago)

System Administrator, Field changes, 2024-03-01 17:21:54 (13d ago)
  Assigned to: Waldo Sisk
  State: Analysis (was Draft)

System Administrator, Automation activity, 2024-03-01 17:21:53 (13d ago)
  Risk score changed from Empty to 30 due to change in business impact, priority, severity, risk score override

System Administrator, Field changes, 2024-03-01 17:21:53 (13d ago)
  Impact: 3 - Low
  Opened by: System Administrator
  Priority: 4 - Low
  State: Draft