Last 24 hours · Jul 07, 2026 00:09 – Jul 08, 2026 00:09 UTC
Generated: 2026-07-08 00:09:10 UTC
Overview
Total Traffic (GB)
847.30
Outbound (GB)
312.80
Inbound (GB)
534.50
Total Flows
2,847,392
Events/Min
5,787
Top Assets by Risk
Internal hosts ranked by blended risk across the five detection lenses — Alert, Reputation, Anomaly, Behavioral, Performance. Click ▸ on any asset for the per-lens evidence.
Detection Lenses
Each lens contributes to an asset's blended risk. The chips on an asset name the lenses that fired; an asset lighting up across multiple lenses outranks any single-lens hit.
ReputationExternal reputation — IP lookups against AbuseIPDB. Answers: "is this destination known-bad according to external threat intelligence?"
AlertKnown threats — Suricata signature matches. Answers: "is this a fingerprint of an attack someone has named?"
iForestStatistically unusual hosts — per-host outlier scoring via iForest (Isolation Forest). Answers: "does this host look different from the population?"
BehavioralNovel behavior sequences — OCCAM engine. Per-15-min ATT&CK tactic classification + HMM sequence prediction. Answers: "does the order of behaviors on this asset look like an intrusion unfolding?"
HuntFlow-pattern queries — rockfish-hunt engine. Heuristic analysis over flow data for beaconing, lateral movement, fanout, port scanning, and community-cluster shapes. Answers: "does this flow fit a known C2/scan/lateral pattern right now?"
PerformanceDrift from normal — per-asset baseline drift and SLA breaches over 15-min windows. Answers: "has this asset started behaving differently from its own past?"
Global Connections
Global Connection Map
Top Detections by Flow
Individual detections across all lenses, ranked by severity — each with its source → destination pair.
| Severity | Lens | Source → Destination | Detection |
|---|---|---|---|
| 0.93 | Anomaly | 10.169.112.51 → 104.18.32.68 | iForest per-flow outlier (score 0.93) |
| 0.90 | Alert | 10.1.12.88 → 45.142.213.18 | ET TROJAN C2 Beacon HTTP Pattern (severity 1) |
| 0.88 | Reputation | 10.1.12.88 → 45.142.213.18 | Known C2 infrastructure (drep 96) |
| 0.86 | Behavioral | 10.1.8.50 → 10.10.50.12 | OCCAM pre-intrusion path (elevate) |
| 0.85 | Alert | 10.1.8.50 → 8.8.8.8 | ET MALWARE DNS Tunneling Detected (severity 1) |
| 0.80 | Alert | 185.220.101.34 → 10.1.8.22 | ET EXPLOIT SMB Remote Code Exec (severity 1) |
| 0.78 | Behavioral | 10.1.12.88 → 45.142.213.18 | Beaconing to external host (hunt) |
| 0.72 | Alert | 203.0.113.5 → 10.10.50.12 | ET SCAN RDP Brute Force Attempt (severity 2) |
| 0.71 | Anomaly | 10.4.18.15 → 162.247.74.27 | iForest per-flow outlier (score 0.71) |
| 0.68 | Performance | 10.1.12.100 → 52.96.166.130 | Critical — TCP reset storm (state critical) |
| 0.66 | Behavioral | 10.1.8.22 → 10.10.1.5 | Lateral movement over SMB (hunt) |
| 0.64 | Reputation | 10.6.19.21 → 89.248.165.12 | Active scanner (drep 74) |
| 0.60 | Anomaly | 10.1.40.22 → 23.235.46.133 | HBOS host drift (score 0.60) |
| 0.54 | Behavioral | 10.1.40.22 → 10.10.1.5 | SIGMA: suspicious PowerShell (sigma) |
| 0.52 | Reputation | 10.20.5.18 → 185.220.101.34 | Spam source (drep 58) |
| Event Type | Total | Unique Sources | Unique Destinations |
|---|---|---|---|
| flow | 2,847,392 | 1,284 | 18,472 |
| dns | 1,523,847 | 892 | 142 |
| tls | 948,271 | 743 | 12,384 |
| alert | 12,847 | 234 | 1,892 |
| http | 384,291 | 521 | 8,743 |
Flow Orientation
Traffic direction relative to HOME_NET.
| Direction | Flows | Traffic (GB) | Sources | Destinations |
|---|---|---|---|---|
| internal to internal | 1,982,473 | 548.20 | 842 | 987 |
| internal to external | 612,847 | 218.40 | 1,184 | 8,473 |
| external to internal | 218,493 | 74.80 | 3,412 | 284 |
| external to external | 33,579 | 5.90 | 412 | 847 |
Top 10 Talkers
| Source IP | Flows | Total GB | Out GB | In GB | Unique Dests |
|---|---|---|---|---|---|
| 10.1.8.50 | 284,392 | 82.40 | 31.20 | 51.20 | 4,827 |
| 10.1.8.13 | 198,472 | 64.70 | 28.90 | 35.80 | 3,284 |
| 10.169.112.51 | 172,384 | 52.30 | 19.40 | 32.90 | 2,847 |
| 10.1.12.100 | 148,291 | 41.80 | 15.70 | 26.10 | 2,192 |
| 10.169.111.12 | 124,837 | 38.20 | 14.30 | 23.90 | 1,847 |
| 10.1.8.22 | 98,472 | 29.40 | 11.20 | 18.20 | 1,523 |
| 10.6.19.21 | 84,291 | 24.80 | 9.70 | 15.10 | 1,284 |
| 10.1.8.35 | 72,384 | 21.30 | 8.40 | 12.90 | 1,092 |
| 10.169.112.15 | 64,827 | 18.70 | 7.10 | 11.60 | 943 |
| 10.1.12.88 | 52,948 | 15.20 | 5.80 | 9.40 | 847 |
Top External Destinations
| Destination | Country | Organization | Clients | Sent MB | Recv MB |
|---|---|---|---|---|---|
| 13.107.42.14 | US | Microsoft | 312 | 2,847.3 | 8,472.1 |
| 142.250.80.46 | US | 284 | 1,923.4 | 6,284.7 | |
| 104.18.32.68 | US | Cloudflare | 247 | 1,284.8 | 4,827.3 |
| 52.96.166.130 | US | Amazon AWS | 198 | 984.2 | 3,284.1 |
| 151.101.1.140 | US | Fastly | 176 | 847.3 | 2,847.6 |
| 185.199.108.153 | NL | GitHub | 142 | 623.4 | 1,847.2 |
| 172.217.14.99 | US | 118 | 492.8 | 1,284.3 | |
| 23.235.46.133 | US | Verizon Digital | 98 | 384.2 | 984.7 |
| 198.41.128.100 | DE | Cloudflare | 84 | 287.3 | 847.2 |
| 93.184.216.34 | EU | Edgecast | 72 | 234.1 | 623.4 |