SOC Command Center

Live · Last updated · 21:02:10

Threat Level: HIGH

⚠ Active Threat — Emotet C2 connection confirmed on WKSTN-042

Guardian agent flagged for isolation · Investigation CASE-089 open · Hunter IOC sweep 72% complete

Open Alerts: 47 (+12/hr) · 3 critical · 8 high
Investigations: 3 (2 high-pri) · CASE-089 · 088 · 087
Threats Blocked: 891 (-8% vs avg) · Last 24 hours
Endpoints: 1,284 (All reporting) · 1 isolated · 2 flagged

Alert Volume — Last 24 Hours


MITRE ATT&CK Coverage — Active Detections

Hunter analysis
Initial Access (TA0001): 3
Execution (TA0002): 8
Persistence (TA0003): 2
Priv Escalation (TA0004): 1
Defense Evasion (TA0005): 5
Credential Access (TA0006): 4
Discovery (TA0007): 6
Lateral Movement (TA0008): 2
Collection (TA0009): 0
C2 (TA0011): 1
Exfiltration (TA0010): 0
Impact (TA0040): 0

Live Alert Feed

critical · Suspicious PowerShell execution (New) · WKSTN-042 · 192.168.1.42 · T1059.001 · 2m ago · ALT-2841
high · Lateral movement detected · SRV-DC01 · 10.0.0.5 · T1021 · 8m ago · ALT-2840
high · Brute-force SSH — 847 attempts · SRV-WEB02 · 10.0.0.22 · T1110 · 14m ago · ALT-2839
medium · Anomalous DNS query volume · WKSTN-017 · 192.168.1.17 · T1071.004 · 31m ago · ALT-2838
medium · New local admin account created · SRV-FILES · 10.0.0.11 · T1136 · 47m ago · ALT-2837
low · Failed login — expired credential · WKSTN-099 · 192.168.1.99 · T1078 · 1h ago · ALT-2836

Top Risk Endpoints

Guardian
WKSTN-042 · j.martin · FLAGGED · 97
SRV-DC01 · SYSTEM · FLAGGED · 84
SRV-WEB02 · www-data · 71
WKSTN-017 · p.chen · 55
WKSTN-007 · a.kumar · ISOLATED · 44

Threat Intel Feed

MISP · 9m ago

Emotet campaign targeting financial sector — new C2 IPs identified

Emotet · C2 · critical

AlienVault · 34m ago

CVE-2024-3094 XZ backdoor exploitation attempts observed in wild

CVE · RCE · high

Abuse.ch · 1h ago

QakBot resurfaces — updated loader seen in phishing campaigns

QakBot · high

VirusTotal · 2h ago

Malicious hash cluster linked to Lazarus Group uploaded

APT · Hash · medium

Threats Blocked (24h)

891
↓ 8% vs yesterday avg

Attack Origin — Top Countries

RU · 312 · 35%
CN · 247 · 28%
IR · 133 · 15%
KP · 98 · 11%
US · 62 · 7%
BR · 39 · 4%

SOC Health Overview

Detection Rate: 97%
MTTD: 4 min
MTTR: 28 min