siemdev-14
Normal
- Device ID: 021368f9220b45cdb2760a069897c1c8
- Hostname: siemdev-14
- Local IP: 172.17.0.1
- External IP: 211.198.135.5
- Platform: Linux
- OS version: Rocky Linux 10.1
- Agent version: 7.31.18410.0
- First connected: 2025-12-13 04:45:58
- Last connected: 2025-12-22 10:57:04
Tags
No tags
Related Alerts
| Severity | Description | Time |
|---|---|---|
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-22 01:19 |
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-22 01:19 |
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-22 01:19 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:17 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:17 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:17 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-20 22:17 |
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-20 22:09 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-20 22:09 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-20 22:09 |
Raw JSON Data
{"device_id":"021368f9220b45cdb2760a069897c1c8","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"siemdev-14","local_ip":"172.17.0.1","external_ip":"211.198.135.5","mac_address":"7e-f4-7a-00-43-91","platform_name":"Linux","os_version":"Rocky Linux 10.1","system_product_name":"VMware20,1","status":"normal","first_seen":"2025-12-12T19:45:58Z","last_seen":"2025-12-22T01:57:04Z","tags":[],"groups":["4f5aa5f1cdc6441982cf5c58e4b5d75a"],"group_hash":"fb152e9135984fe6b0778b98d0f86fd4060a555e6c7baa220904d1a05b5e7961","policies":[{"policy_type":"prevention","policy_id":"ea8a7406f9954f2a96c8de412dc5fd2c","applied":true,"applied_date":"2025-12-13T18:14:32.032912423Z"}],"reduced_functionality_mode":"no","is_online":false,"FirstSeenAt":"2025-12-13T04:45:58+09:00","LastSeenAt":"2025-12-22T10:57:04+09:00"}
Status
- Connection: Offline
- Isolation: Normal
- Related alerts: 10
Actions
Uninstall Token
This token is required when removing the sensor. It is needed only when Uninstall Protection is enabled.