Reasons
- Detected activity is a limited amount of firewall scenarios.
- Escalated reputation based on attacks within a short window.
- Threat activity was observed from a single node only.
MITRE ATT&CK Mappings
- Tactics: Initial Access
- Techniques: T1190
Evidence
- Nodes observed: 1
- Severity: HIGH
- TTL remaining: 20h 38m