localhost.localdomain
Normal
- Device ID: b4aeee57c4b841bc95cb853f0aca95e1
- Hostname: localhost.localdomain
- Local IP: 10.24.11.62
- External IP: 211.198.135.5
- Platform: Linux
- OS Version: Rocky Linux 9.6
- Agent Version: 7.31.18410.0
- First Connected: 2025-12-13 12:03:24
- Last Connected: 2025-12-22 10:56:53
Tags
No tags
Related Alerts
| Severity | Description | Time |
|---|---|---|
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-22 01:19 |
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-22 01:19 |
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-22 01:19 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:17 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:17 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-22 01:17 |
| High | The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. | 12-20 22:09 |
| High | The commands executed on this CLI are suspicious and may be related to malicious activity. Review the commands to see if they are expected. | 12-20 22:09 |
| Critical | A reverse shell has been detected on your host. It may provide adversaries with an interactive terminal. Check the process tree to determine if this access was expected. | 12-20 22:09 |
| High | Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. | 12-20 22:09 |
Raw JSON Data
{"device_id":"b4aeee57c4b841bc95cb853f0aca95e1","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"localhost.localdomain","local_ip":"10.24.11.62","external_ip":"211.198.135.5","mac_address":"00-0c-29-89-f8-0a","platform_name":"Linux","os_version":"Rocky Linux 9.6","system_product_name":"VMware20,1","status":"normal","first_seen":"2025-12-13T03:03:24Z","last_seen":"2025-12-22T01:56:53Z","tags":[],"groups":["4f5aa5f1cdc6441982cf5c58e4b5d75a"],"group_hash":"fb152e9135984fe6b0778b98d0f86fd4060a555e6c7baa220904d1a05b5e7961","policies":[{"policy_type":"prevention","policy_id":"ea8a7406f9954f2a96c8de412dc5fd2c","applied":true,"applied_date":"2025-12-13T03:13:58.058438907Z"}],"reduced_functionality_mode":"no","is_online":false,"FirstSeenAt":"2025-12-13T12:03:24+09:00","LastSeenAt":"2025-12-22T10:56:53+09:00"}
Status
- Connection: Offline
- Isolation: Normal
- Related Alerts: 10
Actions
Uninstall Token
This token is required when removing the sensor. It is only needed when Uninstall Protection is enabled.