Reasons
- Enforcement was escalated due to repeated activity across nodes.
- Threat activity was observed independently on multiple nodes.
- Further attacks within a short window, permanent ban applied based on indicators of persistence attacks.
MITRE ATT&CK Mappings
- Tactics: Reconnaissance
- Techniques: T1595
Evidence
- Nodes observed: 2
- Severity: LOW
- TTL remaining: 20h 6m