Reasons
- High-severity exploit activity was observed, but only from a single node.
- Observed behavior consistent with post-compromise activity, such as backdoors, webshells, or lateral movement.
- High-confidence indicators of post-exploitation activity were detected.
MITRE ATT&CK Mappings
Evidence
- Nodes observed: 1
- Severity: CRITICAL
- TTL remaining: 12d 11h