Executive Summary Report

Admin Domain: SGC
Device(s): All
Attack Severity: Informational, Low, Medium, High
Vulnerability Relevance: 0-20%, 21-40%, 41-60%, 61-80%, 81-100%, Unknown, N/A
Show only Blocked Attacks? No
Alert State: All Alerts
Start Date: 2017-07-01 00:00:00 GMT-05:00
End Date: 2017-07-13 09:40:19 GMT-05:00
Report Generation Time: 2017-07-13 09:41:11 GMT-05:00

Top N Blocked Attacks

# Attack Name Severity Attack Count

1. P2P: TeamViewer Traffic Detected Medium 3009232
2. HTTP: Joomla Component JCE File Upload Remote Code Execution High 92
3. HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) High 22
4. HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability High 21
5. HTTP: CoolPDF Reader Image Stream Processing Buffer Overflow 1 High 20
6. HTTP: Apache Chunked Encoding Exploit High 11
7. HTTP: RedHat JBoss Enterprise Application Platform JMX Console Security Bypass High 8
8. HTTP: Apache mod_cgi Bash Environment Variable Code Injection High 8
9. RAT: GhostRat Traffic Detected High 5
10. HTTP: Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477) High 5

Top N Attacks

# Attack Name Severity Attack Count

1. P2P: TeamViewer Traffic Detected Medium 3009232
2. P2P: Skype Logon Process Detected Medium 12922
3. ICMP: Netmask Request Low 11097
4. ICMP: Timestamp Probe Low 10296
5. P2P: BitTorrent Meta-Info Retrieving Medium 8099
6. NMAP: XMAS Probe Medium 3108
7. HTTP: Response UTF16/32 Encoding Low 1983
8. SCAN: NULL Probe Low 1034
9. HTTP: Overly Long POST URI in HTTP Request Medium 693
10. MALWARE: File Mismatch Detected Low 501

Attack Count Per Sensor

# Device Attack Count (for Signature Attacks only) Attack Count Blocked Attack Count

1. zeus_sgc 110266 3061431 3009388
2. ares_sgc 339 1119 49


Attack Count Per Severity

# Severity Attack Count

1. High 852
2. Medium 3036217
3. Low 25481

Attack Count Per Relevance

# Relevance Attack Count

1. 0-20% 1
2. Unknown 3062549

Attack Count Per Attack Category

# Attack Category Attack Count

1. Policy Violation 3030757
2. Exploit 27026
3. Reconnaissance Attacks 3842
4. Malware 506
5. Volume DoS 419

Attack Count Per Attack Sub-Category

# Attack Sub-Category Attack Category Attack Count

1. restricted-application Policy Violation 3030260
2. probe Exploit 22599
3. port-scan Reconnaissance Attacks 3207
4. evasion-attempt Exploit 2124
5. code-execution Exploit 1461
6. brute-force Reconnaissance Attacks 635
7. File-Mismatch Malware 501
8. audit Policy Violation 491
9. statistical-deviation Volume DoS 419
10. dos Exploit 332
11. protocol-violation Exploit 308
12. privileged-access Exploit 176
13. buffer-overflow Exploit 26
14. restricted-access Policy Violation 6
15. botnet Malware 5
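The breakdown tables above (per sensor, per severity, per relevance, per category) each partition the same alert population, so their totals must agree, and the Top N tables show that a single Medium policy signature dwarfs everything else. The following script is an added worked example, not part of this report or of the IPS vendor's tooling: it parses rows copied from the tables above (re-joined to one row per line), verifies that the four breakdowns reconcile to one grand total, and sets the TeamViewer signature aside so the remaining alert volume and blocked count are visible. The table titles and row layout are the report's own; the function names, the `REPORT` excerpt and the `noise_signature` parameter are assumptions of this example.

```python
import re
from collections import OrderedDict

# Rows copied from the tables in the report above, re-joined to one row per
# line (extraction had split some attack names over several lines). Only the
# tables needed below are included.
REPORT = """\
Top N Blocked Attacks
1. P2P: TeamViewer Traffic Detected Medium 3009232
2. HTTP: Joomla Component JCE File Upload Remote Code Execution High 92
3. HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) High 22
Top N Attacks
1. P2P: TeamViewer Traffic Detected Medium 3009232
2. P2P: Skype Logon Process Detected Medium 12922
3. ICMP: Netmask Request Low 11097
Attack Count Per Sensor
1. zeus_sgc 110266 3061431 3009388
2. ares_sgc 339 1119 49
Attack Count Per Severity
1. High 852
2. Medium 3036217
3. Low 25481
Attack Count Per Relevance
1. 0-20% 1
2. Unknown 3062549
Attack Count Per Attack Category
1. Policy Violation 3030757
2. Exploit 27026
3. Reconnaissance Attacks 3842
4. Malware 506
5. Volume DoS 419
"""

SEVERITIES = ("Informational", "Low", "Medium", "High")
# "<n>. <attack name> <severity> <count>" rows of the Top N tables
SIG_ROW = re.compile(r"^\d+\.\s+(.+?)\s+(%s)\s+(\d+)$" % "|".join(SEVERITIES))
# "<n>. <label> <count> [<count> ...]" rows of the breakdown tables
NUM_ROW = re.compile(r"^\d+\.\s+(.+?)\s+((?:\d+\s*)+)$")


def parse_report(text):
    """Group numbered rows under the most recent table title.

    Top N rows become (name, severity, count); breakdown rows become
    (label, [count, ...]) so multi-column tables such as the per-sensor
    one keep every column.
    """
    tables = OrderedDict()
    title = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sig = SIG_ROW.match(line)
        num = NUM_ROW.match(line)
        if (sig or num) and title is None:
            raise ValueError("row before any table title: %r" % line)
        if sig:
            tables[title].append((sig.group(1), sig.group(2), int(sig.group(3))))
        elif num:
            tables[title].append((num.group(1), [int(n) for n in num.group(2).split()]))
        else:
            title = line
            tables.setdefault(title, [])
    return tables


def grand_totals(tables):
    """Each breakdown partitions the same alert population, so all must agree."""
    per_sensor = tables["Attack Count Per Sensor"]  # columns: sig-only, all, blocked
    return {
        "sensor": sum(nums[1] for _, nums in per_sensor),
        "severity": sum(nums[0] for _, nums in tables["Attack Count Per Severity"]),
        "relevance": sum(nums[0] for _, nums in tables["Attack Count Per Relevance"]),
        "category": sum(nums[0] for _, nums in tables["Attack Count Per Attack Category"]),
    }


def triage_summary(tables, noise_signature="P2P: TeamViewer Traffic Detected"):
    """Set one dominating policy signature aside and report what is left.

    noise_signature is a parameter of this example, not a field of the report.
    """
    totals = grand_totals(tables)
    if len(set(totals.values())) != 1:
        raise ValueError("breakdowns do not reconcile: %r" % totals)
    total = totals["severity"]
    blocked = sum(nums[2] for _, nums in tables["Attack Count Per Sensor"])
    noise = next((c for n, _, c in tables["Top N Attacks"] if n == noise_signature), 0)
    noise_blocked = next((c for n, _, c in tables["Top N Blocked Attacks"] if n == noise_signature), 0)
    high = next(nums[0] for label, nums in tables["Attack Count Per Severity"] if label == "High")
    return {
        "total": total,
        "noise": noise,
        "noise_share": round(noise / total, 4),
        "remaining": total - noise,
        "blocked_total": blocked,
        "blocked_remaining": blocked - noise_blocked,
        "high": high,
    }


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print("grand totals:", grand_totals(parsed))
    for key, value in triage_summary(parsed).items():
        print("%-18s %s" % (key, value))
```

Run stand-alone it prints that all four breakdowns total 3,062,550 and that 3,009,232 of those alerts (about 98%) are the one TeamViewer policy signature. Once that signature is set aside, 53,318 alerts remain and only 205 of them were blocked, so at most 205 of the 852 High-severity events can have been blocked; the rest fired in alert-only mode and need to be reviewed by hand.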

Top N Source IP

# Src IP Attack Count

1. * 1902842
2. 192.168.9.231 741398
3. 172.20.4.33 265481
4. 172.20.4.192 90191
5. 172.20.50.197 9613
6. 172.25.2.235 5654
7. 172.25.3.114 4630
8. 192.168.108.96 3384
9. 192.168.9.25 2960
10. 10.10.11.156 2853

Top N Destination IP

# Dest IP Attack Count

1. * 1902842
2. 217.146.26.212 634341
3. 162.220.223.28 285443
4. 185.188.32.6 52492
5. 185.188.32.4 46905
6. 185.188.32.3 41595
7. 185.188.32.1 25564
8. 185.188.32.5 12746
9. 185.188.32.2 11730
10. 192.168.0.120 6477

Top N Source/Destination IP Pairs

# Src IP Dest IP Attack Count

1. * * 1902842
2. 192.168.9.231 217.146.26.212 633568
3. 172.20.4.33 162.220.223.28 211218
4. 172.20.4.192 162.220.223.28 72159
5. 192.168.9.231 185.188.32.3 35206
6. 192.168.9.231 185.188.32.4 35199
7. 192.168.9.231 185.188.32.6 34460
8. 172.20.4.33 185.188.32.6 17600
9. 172.20.4.33 185.188.32.2 11533
10. 172.20.4.33 185.188.32.4 11359
