SOC Command Center
Live · Last updated · 21:02:10
Threat Level: HIGH
⚠ Active Threat — Emotet C2 connection confirmed on WKSTN-042
Guardian agent flagged for isolation · Investigation CASE-089 open · Hunter IOC sweep 72% complete
+12/hr
47
Open Alerts
3 critical · 8 high
2 high-pri
3
Investigations
CASE-089 · 088 · 087
-8% vs avg
891
Threats Blocked
Last 24 hours
All reporting
1,284
Endpoints
1 isolated · 2 flagged
Alert Volume — Last 24 Hours
MITRE ATT&CK Coverage — Active Detections
Initial Access
3
TA0001
Execution
8
TA0002
Persistence
2
TA0003
Priv Escalation
1
TA0004
Defense Evasion
5
TA0005
Credential Access
4
TA0006
Discovery
6
TA0007
Lateral Movement
2
TA0008
Collection
0
TA0009
C2
1
TA0011
Exfiltration
0
TA0010
Impact
0
TA0040
Live Alert Feed
critical
Suspicious PowerShell execution · New
WKSTN-042 · 192.168.1.42 · T1059.001
2m ago · ALT-2841
high
Lateral movement detected
SRV-DC01 · 10.0.0.5 · T1021
8m ago · ALT-2840
high
Brute-force SSH — 847 attempts
SRV-WEB02 · 10.0.0.22 · T1110
14m ago · ALT-2839
medium
Anomalous DNS query volume
WKSTN-017 · 192.168.1.17 · T1071.004
31m ago · ALT-2838
medium
New local admin account created
SRV-FILES · 10.0.0.11 · T1136
47m ago · ALT-2837
low
Failed login — expired credential
WKSTN-099 · 192.168.1.99 · T1078
1h ago · ALT-2836
Agent Status
Top Risk Endpoints
WKSTN-042
j.martin · FLAGGED
97
SRV-DC01
SYSTEM · FLAGGED
84
SRV-WEB02
www-data
71
WKSTN-017
p.chen
55
WKSTN-007
a.kumar · ISOLATED
44
Threat Intel Feed
MISP · 9m ago
Emotet campaign targeting financial sector — new C2 IPs identified
Emotet · C2 · critical
AlienVault · 34m ago
CVE-2024-3094 XZ backdoor exploitation attempts observed in wild
CVE · RCE · high
Abuse.ch · 1h ago
QakBot resurfaces — updated loader seen in phishing campaigns
QakBot · high
VirusTotal · 2h ago
Malicious hash cluster linked to Lazarus Group uploaded
APT · Hash · medium
Threats Blocked (24h)
891
↓ 8% vs yesterday avg
Attack Origin — Top Countries
RU
312 · 35%
CN
247 · 28%
IR
133 · 15%
KP
98 · 11%
US
62 · 7%
BR
39 · 4%
SOC Health Overview
Detection Rate
MTTD (min)
MTTR (min)