inbridge-40
Normal
- Device ID
- f04562e41eb24f95911339a2dfa4d617
- Hostname
- inbridge-40
- Local IP
- 10.24.11.214
- External IP
- 211.198.135.5
- Platform
- Linux
- OS Version
- Ubuntu 24.04
- Agent Version
- 7.31.18410.0
- First Connected
- 2025-12-14 02:55:14
- Last Connected
- 2025-12-22 11:02:19
Tags
No tags
Related Alerts
| Severity | Description | Time |
|---|---|---|
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:26 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:26 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:26 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:26 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-20 22:21 |
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-20 22:09 |
| High | An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected. | 12-20 22:08 |
| High | A script launched with a command line that is often associated with Cryptomining software. If this is unexpected, review the process tree. | 12-20 22:08 |
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-20 21:48 |
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-20 21:48 |
Raw JSON Data
{"device_id":"f04562e41eb24f95911339a2dfa4d617","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"inbridge-40","local_ip":"10.24.11.214","external_ip":"211.198.135.5","mac_address":"00-0c-29-31-3f-de","platform_name":"Linux","os_version":"Ubuntu 24.04","system_product_name":"VMware20,1","status":"normal","first_seen":"2025-12-13T17:55:14Z","last_seen":"2025-12-22T02:02:19Z","tags":[],"groups":["4f5aa5f1cdc6441982cf5c58e4b5d75a"],"group_hash":"fb152e9135984fe6b0778b98d0f86fd4060a555e6c7baa220904d1a05b5e7961","policies":[{"policy_type":"prevention","policy_id":"ea8a7406f9954f2a96c8de412dc5fd2c","applied":true,"applied_date":"2025-12-13T18:08:06.209929458Z"}],"reduced_functionality_mode":"no","is_online":false,"FirstSeenAt":"2025-12-14T02:55:14+09:00","LastSeenAt":"2025-12-22T11:02:19+09:00"}
Status
- Connection Offline
- Isolation Normal
- Related Alerts 10
Actions
Uninstall Token
This token is required when removing the sensor. It is needed only when Uninstall Protection is enabled.