
Executive Summary Report

Admin Domain: SGC


Device(s): All
Attack Severity: Informational,Low,Medium,High
Vulnerability Relevance: 0-20%,21-40%,41-60%,61-80%,81-100%,Unknown,N/A
Show only Blocked Attacks? No
Alert State: All Alerts
Start Date: 2017-06-30 00:00:00 GMT-05:00
End Date: 2017-06-30 23:59:59 GMT-05:00
Report Generation Time: 2017-06-30 09:31:39 GMT-05:00

Top N Blocked Attacks

# Attack Name Attack Count

1. P2P: TeamViewer Traffic Detected 145479

2. HTTP: Joomla Component JCE File Upload Remote Code Execution 7

3. RAT: GhostRat Traffic Detected 1

4. DNS: Microsoft SMTP Service DNS resolver overflow 1


Top N Attacks

# Attack Name Attack Count

1. P2P: TeamViewer Traffic Detected 145479

2. ICMP: Netmask Request 411

3. ICMP: Timestamp Probe 378

4. P2P: Skype Logon Process Detected 286

5. HTTP: PHP File Inclusion Vulnerability 285


6. NMAP: XMAS Probe 128

7. HTTP: Response UTF16/32 Encoding 83

8. SCAN: NULL Probe 44

9. HTTP: KeepAlive Request Detected 26

10. TCP Control Segment Anomaly 14


Attack Count Per Sensor

#   Device     Attack Count (for Signature Attacks only)   Attack Count   Blocked Attack Count

1.  zeus_sgc   3894                                        147116         145488

2.  ares_sgc   16                                          84             0

Attack Count Per Severity

# Severity Attack Count

1. High 33

2. Medium 146224

3. Low 943

Attack Count Per Relevance

# Relevance Attack Count

1. Unknown 147200

Attack Count Per Attack Category

# Attack Category Attack Count

1. Policy Violation 145791

2. Exploit 1243

3. Reconnaissance Attacks 144

4. Volume DoS 15

5. Malware 7

Attacks Count Per Attack Sub-Category

# Attack Sub-Category Attack Category Attack Count

1. restricted-application Policy Violation 145765

2. probe Exploit 837

3. code-execution Exploit 303

4. port-scan Reconnaissance Attacks 132

5. evasion-attempt Exploit 88

6. audit Policy Violation 26

7. statistical-deviation Volume DoS 15

8. brute-force Reconnaissance Attacks 12

9. protocol-violation Exploit 10

10. File-Mismatch Malware 6

11. dos Exploit 4

12. buffer-overflow Exploit 1

13. botnet Malware 1

Top N Source IP

# Src IP Attack Count

1. * 105333

2. 192.168.9.231 28278

3. 172.20.4.33 8563

4. 192.168.110.253 1668

5. 192.168.110.148 1656

6. 172.20.50.84 286

7. 172.25.2.235 193

8. 172.25.3.114 192

9. 192.168.9.65 160

10. 192.168.9.25 144

Top N Destination IP

# Dest IP Attack Count

1. * 105333

2. 217.146.26.212 24239

3. 162.220.223.28 7903

4. 185.188.32.2 2181

5. 185.188.32.5 2175

6. 185.188.32.1 1346

7. 185.188.32.4 834

8. 185.188.32.3 827

9. 185.188.32.6 659

10. 34.205.49.14 286

Top N Source/Destination IP Pairs

# Src IP Dest IP Attack Count

1. * * 105333

2. 192.168.9.231 217.146.26.212 24239

3. 172.20.4.33 162.220.223.28 7903

4. 192.168.9.231 185.188.32.2 1347

5. 192.168.9.231 185.188.32.5 1346

6. 192.168.9.231 185.188.32.1 1346

7. 192.168.110.253 185.188.32.2 834

8. 192.168.110.253 185.188.32.4 834


9. 192.168.110.148 185.188.32.5 829

10. 192.168.110.148 185.188.32.3 827
