Last 24 hours · May 04, 2026 16:09 – May 05, 2026 16:09 UTC Demonstration Mode (synthetic data)
Generated: 2026-05-05 16:09:42 UTC
Overview
Total Traffic (GB)
847.30
Detectors
HBOS Histogram-Based Outlier Score — how far this host's overall behavior deviates from the population baseline.
SIGMA Behavioral rule matching — tokenized event sequences matched against MITRE-style detection patterns.
OCCAM HMM sequence predictor — flags surprising next-token transitions vs. the host's learned history (high surprisal = unusual).
SURICATA Suricata IDS — signature-based alerts emitted by Suricata rules.
Top Hosts by Combined Risk One row per host. Risk is a weighted blend of HBOS host anomaly, SIGMA + OCCAM behavioral detections, and Suricata IDS hits. Click ▸ to see per-detector evidence.
Token classes baseline BE Benign early RC Reconnaissance RD Resource Development foothold IA Initial Access EX Execution PE Persistence DE Defense Evasion late LM Lateral Movement CO Collection terminal EF Exfiltration IM Impact
Risk Host Signals Evidence 94
10.0.42.118 HBOS SIGMA OCCAM SURICATA behavior on bytes_outbound deviates from baseline (score 0.91); matched LM Lateral Movement (elevate_to_preintrusion, 8 times); behavior sequence ~0.01% likely vs history; 14 Suricata IDS hit(s) ▸ HBOS · Host Anomaly
0.910
anomaly score (higher = more deviant)
bytes_outbound 0.420 dst_port_entropy 0.310 peer_count 0.180 SIGMA + OCCAM · Behavioral
Top token: LM Lateral Movement · elevate_to_preintrusion
77
10.0.42.203 HBOS SIGMA OCCAM behavior on beacon_score deviates from baseline (score 0.84); matched EX Execution (elevate_to_preintrusion, 6 times); behavior sequence ~0.04% likely vs history ▸ HBOS · Host Anomaly
0.840
anomaly score (higher = more deviant)
beacon_score 0.510 dns_unique 0.280 tls_ja3_div 0.130 SIGMA + OCCAM · Behavioral
Top token: EX Execution · elevate_to_preintrusion
SURICATA · IDS
no Suricata alerts
52
10.0.31.84 SIGMA OCCAM SURICATA matched IA Initial Access (elevate_to_preintrusion, 4 times); behavior sequence ~0.02% likely vs history; 22 Suricata IDS hit(s) ▸ HBOS · Host Anomaly
no HBOS detection
SIGMA + OCCAM · Behavioral
Top token: IA Initial Access · elevate_to_preintrusion
47
10.0.18.247 HBOS SIGMA OCCAM behavior on peer_count deviates from baseline (score 0.72); behavior sequence ~0.22% likely vs history ▸ HBOS · Host Anomaly
0.720
anomaly score (higher = more deviant)
peer_count 0.410 port_entropy 0.280 bytes_internal 0.150 SIGMA + OCCAM · Behavioral
Top token: RC Reconnaissance · present
SURICATA · IDS
no Suricata alerts
35
192.168.4.13 HBOS SIGMA behavior on dns_nx_rate deviates from baseline (score 0.38); matched CO Collection (investigate, 2 times) ▸ HBOS · Host Anomaly
0.380
anomaly score (higher = more deviant)
dns_nx_rate 0.390 dns_qtype_div 0.270 dns_unique 0.210 SIGMA + OCCAM · Behavioral
Top token: CO Collection · investigate
SURICATA · IDS
no Suricata alerts
27
10.0.42.142 HBOS behavior on tls_ja3_div deviates from baseline (score 0.68) ▸ HBOS · Host Anomaly
0.680
anomaly score (higher = more deviant)
tls_ja3_div 0.360 cert_age_days 0.240 sni_entropy 0.180 SIGMA + OCCAM · Behavioral
no SIGMA detections
SURICATA · IDS
no Suricata alerts
27
10.0.31.92 SIGMA SURICATA matched PE Persistence (investigate, 1 times); 11 Suricata IDS hit(s) ▸ HBOS · Host Anomaly
no HBOS detection
SIGMA + OCCAM · Behavioral
Top token: PE Persistence · investigate
21
10.0.18.213 SIGMA OCCAM behavior sequence ~0.08% likely vs history ▸ HBOS · Host Anomaly
no HBOS detection
SIGMA + OCCAM · Behavioral
Top token: EF Exfiltration · present
SURICATA · IDS
no Suricata alerts
21
10.0.42.97 HBOS SURICATA behavior on bytes_total deviates from baseline (score 0.32); 8 Suricata IDS hit(s) ▸ HBOS · Host Anomaly
0.320
anomaly score (higher = more deviant)
bytes_total 0.480 flow_count 0.220 peer_count 0.140 SIGMA + OCCAM · Behavioral
no SIGMA detections
16
10.0.18.92 HBOS SIGMA behavior on dns_nx_rate deviates from baseline (score 0.41) ▸ HBOS · Host Anomaly
0.410
anomaly score (higher = more deviant)
dns_nx_rate 0.390 dns_qtype_div 0.270 dns_unique 0.210 SIGMA + OCCAM · Behavioral
Top token: RC Reconnaissance · present
SURICATA · IDS
no Suricata alerts
9
10.0.31.108 HBOS behavior on tls_ja3_div deviates from baseline (score 0.22) ▸ HBOS · Host Anomaly
0.220
anomaly score (higher = more deviant)
tls_ja3_div 0.360 cert_age_days 0.240 sni_entropy 0.180 SIGMA + OCCAM · Behavioral
no SIGMA detections
SURICATA · IDS
no Suricata alerts
5
192.168.4.27 SIGMA SURICATA 5 Suricata IDS hit(s) ▸ HBOS · Host Anomaly
no HBOS detection
SIGMA + OCCAM · Behavioral
Top token: BE Benign · suppress_known
Detection Swimlane Each lane is one detector. Rows are the same hosts in the table above. Bright cells = strong signal; vertical alignment across lanes = co-firing (the strongest triage signal).
18:00
20:00
22:00
00:00
01:00
02:00
04:00
05:00
06:00
07:00
08:00
09:00
10:00
11:00
12:00
13:00
14:00
10.0.42.118
10.0.42.203
10.0.31.84
10.0.18.247
192.168.4.13
10.0.42.142
10.0.31.92
10.0.18.213
10.0.42.97
10.0.18.92
10.0.31.108
192.168.4.27
10.0.42.118
10.0.42.203
10.0.31.84
10.0.18.247
192.168.4.13
10.0.42.142
10.0.31.92
10.0.18.213
10.0.42.97
10.0.18.92
10.0.31.108
192.168.4.27
10.0.42.118
10.0.42.203
10.0.31.84
10.0.18.247
192.168.4.13
10.0.42.142
10.0.31.92
10.0.18.213
10.0.42.97
10.0.18.92
10.0.31.108
192.168.4.27
10.0.42.118
10.0.42.203
10.0.31.84
10.0.18.247
192.168.4.13
10.0.42.142
10.0.31.92
10.0.18.213
10.0.42.97
10.0.18.92
10.0.31.108
192.168.4.27
Global Connections
Global Connection Map
Connections by Country
Alerts by Country
IP Reputation by Country
Event Type
Total
Unique Sources
Unique Destinations
flow
2,847,392
1,284
18,472
dns
1,523,847
892
142
tls
948,271
743
12,384
alert
12,847
234
1,892
http
384,291
521
8,743
Flow Orientation Traffic direction relative to HOME_NET: ii internal→internal, ie internal→external, ei external→internal, ee external→external
Direction
Flows
Traffic (GB)
Sources
Destinations
ii
1,982,473
548.20
842
987
ie
612,847
218.40
1,184
8,473
ei
218,493
74.80
3,412
284
ee
33,579
5.90
412
847
Hourly Traffic Volume
Alert Timeline
Alert Severity Breakdown
Top 10 Talkers
Source IP
Flows
Total GB
Out GB
In GB
Unique Dests
10.1.8.50
284,392
82.40
31.20
51.20
4,827
10.1.8.13
198,472
64.70
28.90
35.80
3,284
10.169.112.51
172,384
52.30
19.40
32.90
2,847
10.1.12.100
148,291
41.80
15.70
26.10
2,192
10.169.111.12
124,837
38.20
14.30
23.90
1,847
10.1.8.22
98,472
29.40
11.20
18.20
1,523
10.6.19.21
84,291
24.80
9.70
15.10
1,284
10.1.8.35
72,384
21.30
8.40
12.90
1,092
10.169.112.15
64,827
18.70
7.10
11.60
943
10.1.12.88
52,948
15.20
5.80
9.40
847
Top External Destinations
Destination
Country
Organization
Clients
Sent MB
Recv MB
13.107.42.14
US
Microsoft
312
2,847.3
8,472.1
142.250.80.46
US
Google
284
1,923.4
6,284.7
104.18.32.68
US
Cloudflare
247
1,284.8
4,827.3
52.96.166.130
US
Amazon AWS
198
984.2
3,284.1
151.101.1.140
US
Fastly
176
847.3
2,847.6
185.199.108.153
NL
GitHub
142
623.4
1,847.2
172.217.14.99
US
Google
118
492.8
1,284.3
23.235.46.133
US
Verizon Digital
98
384.2
984.7
198.41.128.100
DE
Cloudflare
84
287.3
847.2
93.184.216.34
EU
Edgecast
72
234.1
623.4
Port Sonar — Destination Port × Subnet Port Activity Across Subnets View: Source (who is calling) Destination (what is exposed) CIDR: /16 /24 /32
10.169.0.0/16 → :9200 | 240 flows | 1 host(s) 10.1.0.0/16 → :80 | 5400 flows | 24 host(s) 10.1.0.0/16 → :3389 | 4200 flows | 11 host(s) 10.169.0.0/16 → :22 | 240 flows | 1 host(s) 10.6.0.0/16 → :123 | 320 flows | 6 host(s) 10.6.0.0/16 → :53 | 4200 flows | 12 host(s) 10.169.0.0/16 → :53 | 12600 flows | 36 host(s) 10.169.0.0/16 → :443 | 25200 flows | 54 host(s) 10.1.0.0/16 → :139 | 1500 flows | 8 host(s) 10.1.0.0/16 → :389 | 1800 flows | 4 host(s) 10.169.0.0/16 → :25 | 160 flows | 1 host(s) 10.169.0.0/16 → :123 | 960 flows | 18 host(s) 10.4.0.0/16 → :80 | 1800 flows | 8 host(s) 10.1.0.0/16 → :123 | 960 flows | 18 host(s) 172.16.0.0/16 → :443 | 8400 flows | 18 host(s) 10.2.0.0/16 → :123 | 320 flows | 6 host(s) 10.169.0.0/16 → :6379 | 200 flows | 1 host(s) 10.169.0.0/16 → :445 | 340 flows | 1 host(s) 10.169.0.0/16 → :1433 | 6280 flows | 12 host(s) 10.1.0.0/16 → :9200 | 2600 flows | 3 host(s) 10.169.0.0/16 → :80 | 5400 flows | 24 host(s) 10.4.0.0/16 → :123 | 320 flows | 6 host(s) 192.168.0.0/16 → :53 | 8400 flows | 24 host(s) 172.16.0.0/16 → :80 | 1800 flows | 8 host(s) 172.16.0.0/16 → :3389 | 5800 flows | 2 host(s) 10.2.0.0/16 → :80 | 1800 flows | 8 host(s) 10.4.0.0/16 → :443 | 8400 flows | 18 host(s) 10.169.0.0/16 → :5432 | 220 flows | 1 host(s) 10.169.0.0/16 → :389 | 180 flows | 1 host(s) 10.1.0.0/16 → :445 | 6800 flows | 14 host(s) 192.168.0.0/16 → :123 | 640 flows | 12 host(s) 10.1.0.0/16 → :53 | 12600 flows | 36 host(s) 172.16.0.0/16 → :53 | 4200 flows | 12 host(s) 10.2.0.0/16 → :587 | 1200 flows | 2 host(s) 10.1.0.0/16 → :443 | 25200 flows | 54 host(s) 10.1.0.0/16 → :135 | 1800 flows | 9 host(s) 192.168.0.0/16 → :443 | 16800 flows | 36 host(s) 172.16.0.0/16 → :123 | 320 flows | 6 host(s) 10.2.0.0/16 → :465 | 900 flows | 2 host(s) 10.1.0.0/16 → :5432 | 2200 flows | 4 host(s) 10.1.0.0/16 → :6379 | 1800 flows | 4 host(s) 10.169.0.0/16 → :3389 | 420 flows | 1 host(s) 192.168.0.0/16 → :80 | 3600 flows | 16 host(s) 10.4.0.0/16 → :53 | 4200 flows | 12 host(s) 10.6.0.0/16 → :443 | 8400 flows | 18 host(s) 10.6.0.0/16 → :80 | 1800 flows | 8 host(s) 10.2.0.0/16 → :443 | 8400 flows | 18 host(s) 10.2.0.0/16 → :25 | 1400 flows | 2 host(s) 10.2.0.0/16 → :53 | 4200 flows | 12 host(s) 10.1.0.0/16 → :636 | 1200 flows | 4 host(s) 10.6.0.0/16 → :22 | 2400 flows | 4 host(s) 22 ssh 25 smtp 53 dns 80 http 123 135 rpc 139 netbios 389 ldap 443 https 445 smb 465 smtps 587 submission 636 ldaps 1433 mssql 3389 rdp 5432 pgsql 6379 redis 9200 elastic 10.1.0.0/16 10.169.0.0/16 192.168.0.0/16 172.16.0.0/16 10.2.0.0/16 10.6.0.0/16 10.4.0.0/16 Port Source /16
10.6.19.0/24 → :22 | 2400 flows | 4 host(s) 10.169.111.0/24 → :123 | 320 flows | 6 host(s) 10.169.111.0/24 → :443 | 8400 flows | 18 host(s) 10.1.8.0/24 → :443 | 8400 flows | 18 host(s) 192.168.20.0/24 → :80 | 1800 flows | 8 host(s) 10.1.12.0/24 → :80 | 1800 flows | 8 host(s) 192.168.10.0/24 → :123 | 320 flows | 6 host(s) 10.2.5.0/24 → :80 | 1800 flows | 8 host(s) 10.1.40.0/24 → :5432 | 2200 flows | 4 host(s) 10.1.12.0/24 → :123 | 320 flows | 6 host(s) 10.1.40.0/24 → :6379 | 1800 flows | 4 host(s) 10.6.19.0/24 → :80 | 1800 flows | 8 host(s) 10.169.112.0/24 → :123 | 320 flows | 6 host(s) 10.2.5.0/24 → :443 | 8400 flows | 18 host(s) 10.169.99.0/24 → :123 | 320 flows | 6 host(s) 10.4.18.0/24 → :80 | 1800 flows | 8 host(s) 10.4.18.0/24 → :443 | 8400 flows | 18 host(s) 10.169.99.0/24 → :443 | 8400 flows | 18 host(s) 10.169.99.0/24 → :3389 | 420 flows | 1 host(s) 10.169.112.0/24 → :1433 | 2800 flows | 5 host(s) 10.169.111.0/24 → :80 | 1800 flows | 8 host(s) 10.1.8.0/24 → :123 | 320 flows | 6 host(s) 10.4.18.0/24 → :123 | 320 flows | 6 host(s) 10.169.99.0/24 → :389 | 180 flows | 1 host(s) 10.2.5.0/24 → :587 | 1200 flows | 2 host(s) 10.169.99.0/24 → :6379 | 200 flows | 1 host(s) 10.1.8.0/24 → :445 | 6800 flows | 14 host(s) 10.1.40.0/24 → :80 | 1800 flows | 8 host(s) 10.169.99.0/24 → :22 | 240 flows | 1 host(s) 172.16.4.0/24 → :443 | 8400 flows | 18 host(s) 10.169.99.0/24 → :445 | 340 flows | 1 host(s) 10.169.112.0/24 → :80 | 1800 flows | 8 host(s) 10.1.40.0/24 → :443 | 8400 flows | 18 host(s) 192.168.10.0/24 → :443 | 8400 flows | 18 host(s) 10.2.5.0/24 → :53 | 4200 flows | 12 host(s) 10.169.112.0/24 → :53 | 4200 flows | 12 host(s) 172.16.4.0/24 → :53 | 4200 flows | 12 host(s) 10.169.99.0/24 → :25 | 160 flows | 1 host(s) 10.169.111.0/24 → :53 | 4200 flows | 12 host(s) 192.168.10.0/24 → :53 | 4200 flows | 12 host(s) 172.16.4.0/24 → :80 | 1800 flows | 8 host(s) 192.168.20.0/24 → :123 | 320 flows | 6 host(s) 10.2.5.0/24 → :25 | 1400 flows | 2 host(s) 10.1.8.0/24 → :80 | 1800 flows | 8 host(s) 10.6.19.0/24 → :443 | 8400 flows | 18 host(s) 10.1.8.0/24 → :139 | 1500 flows | 8 host(s) 10.169.99.0/24 → :5432 | 220 flows | 1 host(s) 10.2.5.0/24 → :123 | 320 flows | 6 host(s) 10.4.18.0/24 → :53 | 4200 flows | 12 host(s) 10.1.12.0/24 → :389 | 1800 flows | 4 host(s) 172.16.4.0/24 → :3389 | 5800 flows | 2 host(s) 10.6.19.0/24 → :53 | 4200 flows | 12 host(s) 10.1.12.0/24 → :53 | 4200 flows | 12 host(s) 10.169.99.0/24 → :53 | 4200 flows | 12 host(s) 10.1.12.0/24 → :443 | 8400 flows | 18 host(s) 10.169.99.0/24 → :80 | 1800 flows | 8 host(s) 10.169.99.0/24 → :9200 | 240 flows | 1 host(s) 10.6.19.0/24 → :123 | 320 flows | 6 host(s) 10.1.40.0/24 → :53 | 4200 flows | 12 host(s) 10.1.40.0/24 → :123 | 320 flows | 6 host(s) 10.169.99.0/24 → :1433 | 280 flows | 1 host(s) 10.2.5.0/24 → :465 | 900 flows | 2 host(s) 10.169.111.0/24 → :1433 | 3200 flows | 6 host(s) 192.168.20.0/24 → :443 | 8400 flows | 18 host(s) 10.1.12.0/24 → :636 | 1200 flows | 4 host(s) 192.168.10.0/24 → :80 | 1800 flows | 8 host(s) 192.168.20.0/24 → :53 | 4200 flows | 12 host(s) 10.1.40.0/24 → :9200 | 2600 flows | 3 host(s) 10.1.8.0/24 → :3389 | 4200 flows | 11 host(s) 172.16.4.0/24 → :123 | 320 flows | 6 host(s) 10.1.8.0/24 → :53 | 4200 flows | 12 host(s) 10.169.112.0/24 → :443 | 8400 flows | 18 host(s) 10.1.8.0/24 → :135 | 1800 flows | 9 host(s) 22 ssh 25 smtp 53 dns 80 http 123 135 rpc 139 netbios 389 ldap 443 https 445 smb 465 smtps 587 submission 636 ldaps 1433 mssql 3389 rdp 5432 pgsql 6379 redis 9200 elastic 10.1.8.0/24 10.1.40.0/24 172.16.4.0/24 10.169.99.0/24 10.2.5.0/24 10.169.111.0/24 10.1.12.0/24 10.169.112.0/24 10.6.19.0/24 10.4.18.0/24 192.168.10.0/24 192.168.20.0/24 Port Source /24
10.1.8.38 → :139 | 250 flows | 1 host(s) 10.1.8.45 → :139 | 250 flows | 1 host(s) 10.6.19.24 → :80 | 300 flows | 1 host(s) 10.1.40.24 → :5432 | 550 flows | 1 host(s) 10.1.8.17 → :80 | 300 flows | 1 host(s) 10.6.19.31 → :123 | 53 flows | 1 host(s) 10.169.99.10 → :443 | 1400 flows | 1 host(s) 10.1.8.10 → :445 | 1133 flows | 1 host(s) 10.169.99.10 → :53 | 700 flows | 1 host(s) 10.1.40.17 → :9200 | 866 flows | 1 host(s) 10.1.8.10 → :80 | 300 flows | 1 host(s) 10.169.112.17 → :53 | 700 flows | 1 host(s) 10.1.40.10 → :53 | 700 flows | 1 host(s) 10.1.40.24 → :80 | 300 flows | 1 host(s) 10.1.40.24 → :123 | 53 flows | 1 host(s) 10.1.8.45 → :3389 | 700 flows | 1 host(s) 10.1.8.10 → :53 | 700 flows | 1 host(s) 10.169.112.31 → :80 | 300 flows | 1 host(s) 10.6.19.31 → :80 | 300 flows | 1 host(s) 10.169.112.17 → :1433 | 560 flows | 1 host(s) 10.1.40.24 → :6379 | 450 flows | 1 host(s) 10.1.8.31 → :80 | 300 flows | 1 host(s) 10.169.112.10 → :80 | 300 flows | 1 host(s) 10.2.5.10 → :443 | 1400 flows | 1 host(s) 10.1.8.38 → :53 | 700 flows | 1 host(s) 10.2.5.10 → :80 | 300 flows | 1 host(s) 10.2.5.17 → :25 | 700 flows | 1 host(s) 10.1.12.31 → :443 | 1400 flows | 1 host(s) 10.169.112.31 → :53 | 700 flows | 1 host(s) 10.2.5.17 → :80 | 300 flows | 1 host(s) 10.1.8.10 → :3389 | 700 flows | 1 host(s) 10.2.5.10 → :123 | 53 flows | 1 host(s) 10.169.112.38 → :80 | 300 flows | 1 host(s) 10.169.99.10 → :5432 | 220 flows | 1 host(s) 10.1.40.24 → :9200 | 866 flows | 1 host(s) 10.1.40.17 → :80 | 300 flows | 1 host(s) 10.1.8.31 → :443 | 1400 flows | 1 host(s) 10.169.112.17 → :80 | 300 flows | 1 host(s) 172.16.4.17 → :123 | 53 flows | 1 host(s) 10.169.99.10 → :22 | 240 flows | 1 host(s) 10.1.40.31 → :123 | 53 flows | 1 host(s) 10.6.19.10 → :22 | 600 flows | 1 host(s) 10.2.5.17 → :587 | 600 flows | 1 host(s) 10.1.12.10 → :389 | 450 flows | 1 host(s) 10.1.12.31 → :53 | 700 flows | 1 host(s) 10.169.112.31 → :443 | 1400 flows | 1 host(s) 10.1.8.24 → :443 | 1400 flows | 1 host(s) 10.1.8.45 → :443 | 1400 flows | 1 host(s) 10.1.8.38 → :445 | 1133 flows | 1 host(s) 10.1.12.10 → :636 | 300 flows | 1 host(s) 10.6.19.24 → :53 | 700 flows | 1 host(s) 10.1.12.17 → :53 | 700 flows | 1 host(s) 10.169.112.10 → :123 | 53 flows | 1 host(s) 10.169.112.38 → :53 | 700 flows | 1 host(s) 10.1.8.17 → :445 | 1133 flows | 1 host(s) 10.6.19.24 → :443 | 1400 flows | 1 host(s) 172.16.4.17 → :443 | 1400 flows | 1 host(s) 10.1.8.31 → :445 | 1133 flows | 1 host(s) 10.169.99.10 → :445 | 340 flows | 1 host(s) 10.1.40.24 → :443 | 1400 flows | 1 host(s) 10.169.111.17 → :123 | 53 flows | 1 host(s) 10.169.112.24 → :53 | 700 flows | 1 host(s) 10.169.99.10 → :6379 | 200 flows | 1 host(s) 172.16.4.10 → :3389 | 2900 flows | 1 host(s) 10.169.112.10 → :1433 | 560 flows | 1 host(s) 10.1.8.45 → :445 | 1133 flows | 1 host(s) 10.169.99.10 → :25 | 160 flows | 1 host(s) 10.169.112.31 → :123 | 53 flows | 1 host(s) 10.1.12.24 → :80 | 300 flows | 1 host(s) 10.6.19.17 → :123 | 53 flows | 1 host(s) 10.1.12.24 → :443 | 1400 flows | 1 host(s) 10.1.8.17 → :139 | 250 flows | 1 host(s) 10.1.8.17 → :3389 | 700 flows | 1 host(s) 172.16.4.17 → :3389 | 2900 flows | 1 host(s) 10.2.5.10 → :587 | 600 flows | 1 host(s) 10.169.112.24 → :1433 | 560 flows | 1 host(s) 10.6.19.17 → :53 | 700 flows | 1 host(s) 10.1.12.24 → :636 | 300 flows | 1 host(s) 172.16.4.10 → :123 | 53 flows | 1 host(s) 10.1.8.24 → :123 | 53 flows | 1 host(s) 10.1.40.10 → :6379 | 450 flows | 1 host(s) 10.1.40.17 → :6379 | 450 flows | 1 host(s) 10.169.111.10 → :80 | 300 flows | 1 host(s) 10.1.8.38 → :80 | 300 flows | 1 host(s) 10.169.112.17 → :123 | 53 flows | 1 host(s) 10.169.111.17 → :443 | 1400 flows | 1 host(s) 10.2.5.17 → :123 | 53 flows | 1 host(s) 10.169.99.10 → :80 | 300 flows | 1 host(s) 10.1.8.10 → :135 | 300 flows | 1 host(s) 10.2.5.17 → :443 | 1400 flows | 1 host(s) 10.1.8.17 → :135 | 300 flows | 1 host(s) 10.6.19.10 → :123 | 53 flows | 1 host(s) 10.1.12.31 → :123 | 53 flows | 1 host(s) 10.1.40.17 → :53 | 700 flows | 1 host(s) 10.169.112.17 → :443 | 1400 flows | 1 host(s) 10.1.8.38 → :135 | 300 flows | 1 host(s) 10.1.40.31 → :6379 | 450 flows | 1 host(s) 10.1.8.45 → :53 | 700 flows | 1 host(s) 10.1.8.31 → :53 | 700 flows | 1 host(s) 10.1.12.10 → :80 | 300 flows | 1 host(s) 10.1.8.31 → :139 | 250 flows | 1 host(s) 10.1.12.17 → :636 | 300 flows | 1 host(s) 10.2.5.10 → :465 | 450 flows | 1 host(s) 10.169.111.17 → :80 | 300 flows | 1 host(s) 10.6.19.31 → :443 | 1400 flows | 1 host(s) 10.1.8.45 → :80 | 300 flows | 1 host(s) 10.169.111.10 → :1433 | 533 flows | 1 host(s) 10.169.112.24 → :443 | 1400 flows | 1 host(s) 10.1.40.10 → :80 | 300 flows | 1 host(s) 172.16.4.17 → :53 | 700 flows | 1 host(s) 10.169.111.10 → :443 | 1400 flows | 1 host(s) 10.1.40.31 → :443 | 1400 flows | 1 host(s) 10.1.8.31 → :135 | 300 flows | 1 host(s) 10.1.40.31 → :80 | 300 flows | 1 host(s) 10.1.40.31 → :53 | 700 flows | 1 host(s) 10.1.8.38 → :3389 | 700 flows | 1 host(s) 10.1.12.31 → :389 | 450 flows | 1 host(s) 10.169.112.10 → :443 | 1400 flows | 1 host(s) 10.1.40.10 → :5432 | 550 flows | 1 host(s) 10.1.12.17 → :123 | 53 flows | 1 host(s) 10.1.40.17 → :123 | 53 flows | 1 host(s) 10.1.12.31 → :636 | 300 flows | 1 host(s) 10.169.112.24 → :123 | 53 flows | 1 host(s) 10.1.8.17 → :123 | 53 flows | 1 host(s) 10.6.19.17 → :443 | 1400 flows | 1 host(s) 10.169.99.10 → :9200 | 240 flows | 1 host(s) 10.6.19.31 → :22 | 600 flows | 1 host(s) 10.1.8.24 → :139 | 250 flows | 1 host(s) 10.169.112.24 → :80 | 300 flows | 1 host(s) 10.6.19.17 → :22 | 600 flows | 1 host(s) 10.1.12.24 → :389 | 450 flows | 1 host(s) 10.1.12.31 → :80 | 300 flows | 1 host(s) 10.169.112.31 → :1433 | 560 flows | 1 host(s) 172.16.4.17 → :80 | 300 flows | 1 host(s) 10.1.12.24 → :53 | 700 flows | 1 host(s) 10.1.12.17 → :443 | 1400 flows | 1 host(s) 172.16.4.10 → :80 | 300 flows | 1 host(s) 10.1.8.10 → :139 | 250 flows | 1 host(s) 10.169.99.10 → :1433 | 280 flows | 1 host(s) 10.169.112.10 → :53 | 700 flows | 1 host(s) 10.1.8.24 → :53 | 700 flows | 1 host(s) 10.1.12.10 → :123 | 53 flows | 1 host(s) 10.169.99.10 → :123 | 53 flows | 1 host(s) 10.1.8.45 → :135 | 300 flows | 1 host(s) 10.6.19.24 → :22 | 600 flows | 1 host(s) 10.169.111.17 → :1433 | 533 flows | 1 host(s) 10.2.5.17 → :53 | 700 flows | 1 host(s) 10.169.112.38 → :123 | 53 flows | 1 host(s) 10.1.8.38 → :443 | 1400 flows | 1 host(s) 10.1.12.17 → :80 | 300 flows | 1 host(s) 10.1.8.17 → :443 | 1400 flows | 1 host(s) 10.2.5.10 → :53 | 700 flows | 1 host(s) 10.1.8.38 → :123 | 53 flows | 1 host(s) 10.1.8.24 → :80 | 300 flows | 1 host(s) 10.1.8.24 → :445 | 1133 flows | 1 host(s) 172.16.4.10 → :443 | 1400 flows | 1 host(s) 10.1.40.24 → :53 | 700 flows | 1 host(s) 10.1.8.10 → :443 | 1400 flows | 1 host(s) 10.1.40.10 → :443 | 1400 flows | 1 host(s) 10.1.8.24 → :3389 | 700 flows | 1 host(s) 10.1.8.24 → :135 | 300 flows | 1 host(s) 10.1.12.17 → :389 | 450 flows | 1 host(s) 10.6.19.10 → :80 | 300 flows | 1 host(s) 10.1.8.10 → :123 | 53 flows | 1 host(s) 10.1.40.10 → :9200 | 866 flows | 1 host(s) 10.2.5.17 → :465 | 450 flows | 1 host(s) 10.6.19.17 → :80 | 300 flows | 1 host(s) 172.16.4.10 → :53 | 700 flows | 1 host(s) 10.169.111.10 → :53 | 700 flows | 1 host(s) 10.6.19.24 → :123 | 53 flows | 1 host(s) 10.1.40.17 → :443 | 1400 flows | 1 host(s) 10.1.8.45 → :123 | 53 flows | 1 host(s) 10.6.19.10 → :443 | 1400 flows | 1 host(s) 10.1.8.31 → :123 | 53 flows | 1 host(s) 10.169.99.10 → :389 | 180 flows | 1 host(s) 10.1.12.24 → :123 | 53 flows | 1 host(s) 10.1.8.31 → :3389 | 700 flows | 1 host(s) 10.169.111.17 → :53 | 700 flows | 1 host(s) 10.1.40.17 → :5432 | 550 flows | 1 host(s) 10.1.40.31 → :5432 | 550 flows | 1 host(s) 10.1.8.17 → :53 | 700 flows | 1 host(s) 10.2.5.10 → :25 | 700 flows | 1 host(s) 10.1.40.10 → :123 | 53 flows | 1 host(s) 10.1.12.10 → :443 | 1400 flows | 1 host(s) 10.169.99.10 → :3389 | 420 flows | 1 host(s) 10.6.19.31 → :53 | 700 flows | 1 host(s) 10.169.112.38 → :443 | 1400 flows | 1 host(s) 10.169.111.10 → :123 | 53 flows | 1 host(s) 10.169.112.38 → :1433 | 560 flows | 1 host(s) 10.1.12.10 → :53 | 700 flows | 1 host(s) 10.6.19.10 → :53 | 700 flows | 1 host(s) 22 ssh 25 smtp 53 dns 80 http 123 135 rpc 139 netbios 389 ldap 443 https 445 smb 465 smtps 587 submission 636 ldaps 1433 mssql 3389 rdp 5432 pgsql 6379 redis 9200 elastic 10.169.99.10 172.16.4.10 172.16.4.17 10.1.8.10 10.1.8.17 10.1.8.24 10.1.8.31 10.1.8.38 10.1.8.45 10.1.40.10 10.1.40.17 10.1.40.24 10.2.5.10 10.2.5.17 10.1.40.31 10.1.12.10 10.1.12.17 10.1.12.24 10.1.12.31 10.6.19.10 10.6.19.17 10.6.19.24 10.6.19.31 10.169.112.10 10.169.112.17 10.169.112.24 10.169.112.31 10.169.112.38 10.169.111.10 10.169.111.17 Port Source IP
10.50.0.0/16 → :5432 | 3800 flows | 4 host(s) 10.30.0.0/16 → :443 | 24200 flows | 12 host(s) 10.20.0.0/16 → :587 | 2800 flows | 2 host(s) 10.10.0.0/16 → :636 | 6200 flows | 3 host(s) 10.30.0.0/16 → :8443 | 4800 flows | 12 host(s) 8.8.0.0/16 → :53 | 18400 flows | 2 host(s) 142.250.0.0/16 → :443 | 72384 flows | 12 host(s) 10.50.0.0/16 → :6379 | 2400 flows | 3 host(s) 52.96.0.0/16 → :443 | 48291 flows | 9 host(s) 10.10.0.0/16 → :445 | 14200 flows | 3 host(s) 151.101.0.0/16 → :443 | 42847 flows | 7 host(s) 10.30.0.0/16 → :80 | 18400 flows | 12 host(s) 10.50.0.0/16 → :8443 | 9800 flows | 11 host(s) 10.100.0.0/16 → :80 | 2400 flows | 18 host(s) 10.50.0.0/16 → :3306 | 4200 flows | 5 host(s) 10.50.0.0/16 → :8080 | 12400 flows | 14 host(s) 10.10.0.0/16 → :22 | 4800 flows | 2 host(s) 172.217.0.0/16 → :443 | 28472 flows | 8 host(s) 10.10.0.0/16 → :389 | 8900 flows | 3 host(s) 104.18.0.0/16 → :443 | 64827 flows | 14 host(s) 10.100.0.0/16 → :443 | 1800 flows | 18 host(s) 10.50.0.0/16 → :9200 | 4200 flows | 6 host(s) 10.10.0.0/16 → :135 | 7400 flows | 3 host(s) 1.1.0.0/16 → :53 | 14200 flows | 2 host(s) 10.20.0.0/16 → :25 | 3200 flows | 2 host(s) 10.10.0.0/16 → :53 | 4800 flows | 3 host(s) 10.10.0.0/16 → :3389 | 11200 flows | 2 host(s) 10.50.0.0/16 → :1433 | 6800 flows | 8 host(s) 13.107.0.0/16 → :443 | 84291 flows | 8 host(s) 9.9.0.0/16 → :53 | 8300 flows | 1 host(s) 10.30.0.0/16 → :8080 | 6200 flows | 12 host(s) 142.250.0.0/16 → :80 | 4280 flows | 6 host(s) 185.199.0.0/16 → :443 | 34291 flows | 4 host(s) 22 ssh 25 smtp 53 dns 80 http 135 rpc 389 ldap 443 https 445 smb 587 submission 636 ldaps 1433 mssql 3306 mysql 3389 rdp 5432 pgsql 6379 redis 8080 http-proxy 8443 https-alt 9200 elastic 13.107.0.0/16 142.250.0.0/16 104.18.0.0/16 10.10.0.0/16 10.30.0.0/16 52.96.0.0/16 10.50.0.0/16 151.101.0.0/16 185.199.0.0/16 172.217.0.0/16 8.8.0.0/16 1.1.0.0/16 10.20.0.0/16 9.9.0.0/16 10.100.0.0/16 Port Destination /16
10.10.50.0/24 → :3389 | 11200 flows | 2 host(s) 142.250.80.0/24 → :80 | 4280 flows | 6 host(s) 10.50.10.0/24 → :1433 | 6800 flows | 8 host(s) 10.50.20.0/24 → :9200 | 4200 flows | 6 host(s) 52.96.166.0/24 → :443 | 48291 flows | 9 host(s) 10.10.1.0/24 → :445 | 14200 flows | 3 host(s) 1.1.1.0/24 → :53 | 14200 flows | 2 host(s) 10.30.10.0/24 → :8080 | 6200 flows | 12 host(s) 9.9.9.0/24 → :53 | 8300 flows | 1 host(s) 104.18.32.0/24 → :443 | 64827 flows | 14 host(s) 13.107.42.0/24 → :443 | 84291 flows | 8 host(s) 10.50.10.0/24 → :3306 | 4200 flows | 5 host(s) 172.217.14.0/24 → :443 | 28472 flows | 8 host(s) 10.20.5.0/24 → :587 | 2800 flows | 2 host(s) 151.101.1.0/24 → :443 | 42847 flows | 7 host(s) 10.100.1.0/24 → :443 | 1800 flows | 18 host(s) 10.50.10.0/24 → :5432 | 3800 flows | 4 host(s) 10.50.20.0/24 → :8443 | 9800 flows | 11 host(s) 10.30.10.0/24 → :80 | 18400 flows | 12 host(s) 10.30.10.0/24 → :8443 | 4800 flows | 12 host(s) 10.10.1.0/24 → :53 | 4800 flows | 3 host(s) 10.30.10.0/24 → :443 | 24200 flows | 12 host(s) 8.8.8.0/24 → :53 | 18400 flows | 2 host(s) 10.50.20.0/24 → :8080 | 12400 flows | 14 host(s) 10.10.50.0/24 → :22 | 4800 flows | 2 host(s) 10.50.10.0/24 → :6379 | 2400 flows | 3 host(s) 10.100.1.0/24 → :80 | 2400 flows | 18 host(s) 142.250.80.0/24 → :443 | 72384 flows | 12 host(s) 10.10.1.0/24 → :636 | 6200 flows | 3 host(s) 10.20.5.0/24 → :25 | 3200 flows | 2 host(s) 185.199.108.0/24 → :443 | 34291 flows | 4 host(s) 10.10.1.0/24 → :135 | 7400 flows | 3 host(s) 10.10.1.0/24 → :389 | 8900 flows | 3 host(s) 22 ssh 25 smtp 53 dns 80 http 135 rpc 389 ldap 443 https 445 smb 587 submission 636 ldaps 1433 mssql 3306 mysql 3389 rdp 5432 pgsql 6379 redis 8080 http-proxy 8443 https-alt 9200 elastic 13.107.42.0/24 142.250.80.0/24 104.18.32.0/24 10.30.10.0/24 52.96.166.0/24 151.101.1.0/24 10.10.1.0/24 185.199.108.0/24 172.217.14.0/24 10.50.20.0/24 10.50.10.0/24 8.8.8.0/24 10.10.50.0/24 1.1.1.0/24 10.20.5.0/24 9.9.9.0/24 10.100.1.0/24 Port Destination /24
10.30.10.31 → :80 | 3066 flows | 1 host(s) 10.30.10.24 → :443 | 4033 flows | 1 host(s) 104.18.32.45 → :443 | 10804 flows | 1 host(s) 10.10.1.17 → :135 | 2466 flows | 1 host(s) 10.10.1.10 → :389 | 2966 flows | 1 host(s) 10.10.1.24 → :445 | 4733 flows | 1 host(s) 10.30.10.31 → :8443 | 800 flows | 1 host(s) 10.10.1.10 → :135 | 2466 flows | 1 host(s) 10.30.10.38 → :8080 | 1033 flows | 1 host(s) 13.107.42.38 → :443 | 14048 flows | 1 host(s) 142.250.80.38 → :443 | 12064 flows | 1 host(s) 10.30.10.45 → :8080 | 1033 flows | 1 host(s) 142.250.80.24 → :443 | 12064 flows | 1 host(s) 142.250.80.17 → :80 | 713 flows | 1 host(s) 185.199.108.10 → :443 | 8572 flows | 1 host(s) 142.250.80.10 → :443 | 12064 flows | 1 host(s) 10.10.1.10 → :445 | 4733 flows | 1 host(s) 10.30.10.24 → :8443 | 800 flows | 1 host(s) 142.250.80.45 → :80 | 713 flows | 1 host(s) 10.10.1.17 → :445 | 4733 flows | 1 host(s) 142.250.80.38 → :80 | 713 flows | 1 host(s) 104.18.32.24 → :443 | 10804 flows | 1 host(s) 142.250.80.10 → :80 | 713 flows | 1 host(s) 104.18.32.31 → :443 | 10804 flows | 1 host(s) 10.10.1.10 → :53 | 1600 flows | 1 host(s) 10.30.10.17 → :80 | 3066 flows | 1 host(s) 13.107.42.17 → :443 | 14048 flows | 1 host(s) 10.10.1.17 → :389 | 2966 flows | 1 host(s) 104.18.32.10 → :443 | 10804 flows | 1 host(s) 10.30.10.38 → :443 | 4033 flows | 1 host(s) 10.30.10.10 → :8080 | 1033 flows | 1 host(s) 10.30.10.38 → :8443 | 800 flows | 1 host(s) 142.250.80.31 → :443 | 12064 flows | 1 host(s) 13.107.42.45 → :443 | 14048 flows | 1 host(s) 13.107.42.24 → :443 | 14048 flows | 1 host(s) 10.10.1.24 → :53 | 1600 flows | 1 host(s) 142.250.80.45 → :443 | 12064 flows | 1 host(s) 10.10.1.24 → :636 | 2066 flows | 1 host(s) 104.18.32.17 → :443 | 10804 flows | 1 host(s) 10.10.1.24 → :135 | 2466 flows | 1 host(s) 10.30.10.38 → :80 | 3066 flows | 1 host(s) 10.30.10.24 → :80 | 3066 flows | 1 host(s) 10.30.10.45 → :443 | 4033 flows | 1 host(s) 13.107.42.10 → :443 | 14048 flows | 1 host(s) 142.250.80.24 → :80 | 713 flows | 1 host(s) 104.18.32.38 → :443 | 10804 flows | 1 host(s) 10.10.1.17 → :636 | 2066 flows | 1 host(s) 142.250.80.17 → :443 | 12064 flows | 1 host(s) 10.30.10.45 → :80 | 3066 flows | 1 host(s) 10.10.1.24 → :389 | 2966 flows | 1 host(s) 10.30.10.10 → :443 | 4033 flows | 1 host(s) 10.30.10.10 → :8443 | 800 flows | 1 host(s) 10.10.1.10 → :636 | 2066 flows | 1 host(s) 10.30.10.45 → :8443 | 800 flows | 1 host(s) 10.30.10.17 → :8080 | 1033 flows | 1 host(s) 10.30.10.10 → :80 | 3066 flows | 1 host(s) 10.30.10.17 → :443 | 4033 flows | 1 host(s) 10.30.10.24 → :8080 | 1033 flows | 1 host(s) 8.8.8.17 → :53 | 9200 flows | 1 host(s) 10.10.1.17 → :53 | 1600 flows | 1 host(s) 10.30.10.31 → :443 | 4033 flows | 1 host(s) 10.30.10.31 → :8080 | 1033 flows | 1 host(s) 142.250.80.31 → :80 | 713 flows | 1 host(s) 10.30.10.17 → :8443 | 800 flows | 1 host(s) 8.8.8.10 → :53 | 9200 flows | 1 host(s) 13.107.42.31 → :443 | 14048 flows | 1 host(s) 22 ssh 25 smtp 53 dns 80 http 135 rpc 389 ldap 443 https 445 smb 587 submission 636 ldaps 1433 mssql 3306 mysql 3389 rdp 5432 pgsql 6379 redis 8080 http-proxy 8443 https-alt 9200 elastic 13.107.42.10 13.107.42.17 13.107.42.24 13.107.42.31 13.107.42.38 13.107.42.45 10.10.1.10 10.10.1.17 10.10.1.24 142.250.80.10 142.250.80.17 142.250.80.24 142.250.80.31 142.250.80.38 142.250.80.45 104.18.32.10 104.18.32.17 104.18.32.24 104.18.32.31 104.18.32.38 104.18.32.45 8.8.8.10 8.8.8.17 10.30.10.10 10.30.10.17 10.30.10.24 10.30.10.31 10.30.10.38 10.30.10.45 185.199.108.10 Port Destination IP
Vertical streaks → scans · horizontal streaks → service-targeting · isolated bright cells → focused activity. Hover any cell for detail.
Application Protocols