Scribd
Upload
80 views3 pages

Source IP Continus ICMP

An offense was detected involving ICMP echo requests from IP address 10.10.80.33 to local IP addresses. Over 1,300 events and 35,000 flows were observed over the past 8 days. The source IP is located in the Air-Gapped.Branches network and targeted local systems in the Air-Gapped.HQ network. No additional details are available on the source, and the events remain unassigned.

Uploaded by

Islam Atallah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
80 views3 pages

Source IP Continus ICMP

An offense was detected involving ICMP echo requests from IP address 10.10.80.33 to local IP addresses. Over 1,300 events and 35,000 flows were observed over the past 8 days. The source IP is located in the Air-Gapped.Branches network and targeted local systems in the Air-Gapped.HQ network. No additional details are available on the source, and the events remain unassigned.

Uploaded by

Islam Atallah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

12/13/22, 3:08 PM Offense

Offense 205

Magnitude Status Relevance 6 Severity 5 Credibility

Offense Type Source IP


Local Suspicious Probe Events Detected
Description
containing ICMP.Echo
Event/Flow count 1,343 events and 34,954 flows in 2 categories

Source IP(s) 10.10.80.33 Start Dec 5, 2022, 11:48:21 AM

Destination IP(s) Local (24)  Duration 8d 3h 20m 16s

Network(s) Air-Gapped.HQ Assigned to Unassigned

Offense Source Summary

IP 10.10.80.33 Location  Air-Gapped.Branches

Magnitude Vulnerabilities 0

Username Unknown MAC Address Unknown NIC

Host Name Unknown

Asset Name Unknown Weight 0

Offenses 4 Events/Flows 44,945

Last 5 Notes

Notes Username Creation Date

No results were returned.

Last 5 Search Results

Magnitude Started On Ended On Duration Events/Flows

No results were returned.

Top 5 Source IPs

Source IP Magnitude Location Vulnerability User MAC Weight Offenses Destination(s) Last Event/Flow Events/Flows
10.10.80.33  Air-Gapped.Branches No Unknown Unknown NIC 0 4 24 0s 44,945

Top 5 Destination IPs


Destination
Magnitude Location Vulnerability Chained User MAC Weight Offenses Source(s) Last Event/Flow Events/Flows
IP
 Air-Gapped.HQ No Yes Unknown Unknown NIC 0 7 7 0s 21,486
1.11.3.8

 Air-Gapped.HQ No Yes Unknown Unknown NIC 0 6 5 0s 21,209


1.11.3.9

 Air-Gapped.HQ No Yes Unknown Unknown NIC 0 5 5 0s 12,936


1.11.3.22

 Air-Gapped.HQ No Yes Unknown Unknown NIC 0 6 5 0s 20,577


1.11.3.7
 Air-Gapped.HQ No Yes Unknown Unknown NIC 0 6 5 0s 10,336
1.11.3.5

Top 5 Log Sources

https://10.10.30.84/console/do/sem/offensesummary?appName=Sem&pageId=OffenseCategoryList&summaryId=205 1/3
12/13/22, 3:08 PM Offense
Name Description Group Events Offenses Total Events
Custom Rule Engine-8 :: Qradar Custom Rule Engine 1,343 637 47,809

Top 5 Users

Name Events/Flows Offenses Total Events/Flows

No results were returned.

Top 5 Categories

Name Magnitude Local Destination Count Events/Flows First Event/Flow Last Event/Flow    

Host Query 24 1,343 Dec 5, 2022, 11:48:07 AM Dec 13, 2022, 3:02:01 PM
ICMP 24 34,954 Dec 5, 2022, 11:48:17 AM Dec 13, 2022, 3:08:38 PM

Last 10 Events

Event Name Magnitude Log Source Category Destination Destination IPv6 Dst Port Time
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.7 0:0:0:0:0:0:0:0 0
Detected Qradar 2:32:06 PM
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.13 0:0:0:0:0:0:0:0 0
Detected Qradar 2:35:09 PM
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.10 0:0:0:0:0:0:0:0 0
Detected Qradar 2:37:14 PM
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.7 0:0:0:0:0:0:0:0 0
Detected Qradar 2:43:03 PM
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.21 0:0:0:0:0:0:0:0 0
Detected Qradar 2:48:14 PM
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.22 0:0:0:0:0:0:0:0 0
Detected Qradar 2:51:19 PM
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.101 0:0:0:0:0:0:0:0 0
Detected Qradar 2:25:04 PM
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.14 0:0:0:0:0:0:0:0 0
Detected Qradar 2:29:12 PM
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.102 0:0:0:0:0:0:0:0 0
Detected Qradar 3:02:01 PM
Local Suspicious Probe Events Custom Rule Engine-8 :: Dec 13, 2022,
Host Query 1.11.3.23 0:0:0:0:0:0:0:0 0
Detected Qradar 2:55:20 PM

Last 10 Flows

Application Source IP Source IPv6 Source Port Destination IP Destination IPv6 Destination Port Total Bytes Last Packet Time
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.20 0:0:0:0:0:0:0:0 0 120 Dec 13, 2022, 3:06:53 PM
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.5 0:0:0:0:0:0:0:0 0 132 Dec 13, 2022, 3:06:43 PM
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.16 0:0:0:0:0:0:0:0 0 132 Dec 13, 2022, 3:06:26 PM
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.19 0:0:0:0:0:0:0:0 0 132 Dec 13, 2022, 3:05:49 PM
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.21 0:0:0:0:0:0:0:0 0 132 Dec 13, 2022, 3:05:43 PM
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.23 0:0:0:0:0:0:0:0 0 132 Dec 13, 2022, 3:05:22 PM
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.20 0:0:0:0:0:0:0:0 0 132 Dec 13, 2022, 3:04:48 PM
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.8 0:0:0:0:0:0:0:0 0 60 Dec 13, 2022, 3:04:34 PM
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.17 0:0:0:0:0:0:0:0 0 132 Dec 13, 2022, 3:04:26 PM
ICMP.Echo 10.10.80.33 0:0:0:0:0:0:0:0 0 1.11.3.15 0:0:0:0:0:0:0:0 0 132 Dec 13, 2022, 3:04:15 PM

Top 5 Annotations

Annotation Time Weight


Included detected events by Source IP from the point forward it to the offense. The number of events this source generated during this attack, This offense is part of the rule
Local L2L Suspicious Probe Events Detected    Reports when various suspicious or reconnaissance events have been detected from the same local source IP address to Dec 5, 2022,
9
more than 5 destination IP address in 4 minutes. This can indicate various forms of host probing, such as Nmap reconnaissance, which attempts to identify the services and 11:48:23 AM
operation systems of the target.
Dec 11, 2022,
"Offense Chaining".  This offense has 13 destinations (destination IPs), which are the source (attacker)in other offenses 7
8:21:44 AM
"CRE Event".  CRE Rule description:  [Local Suspicious Probe Events Detected] Detected  various suspicious or reconnaissance events  from the same local source IP
Dec 10, 2022,
address to more than 5 destination IP address in 4 minutes. This can indicate various forms of host probing, such as Nmap reconnaissance, which attempts to identify the 6
4:21:38 AM
services and operation systems of the target.

https://10.10.30.84/console/do/sem/offensesummary?appName=Sem&pageId=OffenseCategoryList&summaryId=205 2/3
12/13/22, 3:08 PM Offense
Annotation Time Weight
"CRE Event".  CRE Rule description:  [Local Suspicious Probe Events Detected] Detected  various suspicious or reconnaissance events  from the same local source IP
Dec 9, 2022,
address to more than 5 destination IP address in 4 minutes. This can indicate various forms of host probing, such as Nmap reconnaissance, which attempts to identify the 6
11:31:40 PM
services and operation systems of the target.
"CRE Event".  CRE Rule description:  [Local Suspicious Probe Events Detected] Detected  various suspicious or reconnaissance events  from the same local source IP
Dec 10, 2022,
address to more than 5 destination IP address in 4 minutes. This can indicate various forms of host probing, such as Nmap reconnaissance, which attempts to identify the 6
12:47:25 AM
services and operation systems of the target.

https://10.10.30.84/console/do/sem/offensesummary?appName=Sem&pageId=OffenseCategoryList&summaryId=205 3/3

You might also like