{"ip":"46.101.215.13","exported_at":"2026-06-20T21:23:21+00:00","period_days":1,"metrics":{"events7d":2,"distinct_ports":1,"distinct_classifications":1,"max_severity":9,"last_sensor_id":"paris-1","max_waf_score":19,"max_risk_score":52,"attack_stage":"exploit_attempt","attack_chain_stage":"exploitation","threat_family":["unknown"],"recommended_action":"investigate","confidence":0.5,"risk_breakdown":{"waf":84,"classification":68,"behavior":0,"geo":40,"protocol":25,"novelty":15},"mitre_tactics":["TA0001","TA0002"],"mitre_technique":"TA0001","top_mitre_technique":"TA0001","top_mitre_count":2,"executive_one_liner_fr":"Activit\u00e9 suspecte \u2014 risque 52\/100 (Moyen) \u2014 MITRE TA0001 \u2014 confiance 50 % \u2014 via HTTP","campaign_hint_fr":null,"confidence_breakdown":{"waf":84,"classification":68,"behavior":0,"geo":40,"protocol":25,"novelty":15,"risk_score":52},"persona_hostname":"mail.sensor-1.internal","correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":50,"confidence_hint_fr":"Confiance mod\u00e9r\u00e9e \u2014 signal unique","sensor_role_label_fr":"Renseignement menaces","tags_summary_labels_fr":["pat-0284"],"tags_summary":["pat-0284"],"attack_vector":"xss attack \u00b7 via HTTP:8899 \u00b7 (tentative d\u0027exploit) \u00b7 \u2192 \/favicon.ico","protocol_details":{"http_method":"GET","http_path":"\/favicon.ico","request_line":"GET \/favicon.ico HTTP\/1.1","http_user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:142.0) Gecko\/20100101 Firefox\/142.0","port":8899,"service":"http","service_label_fr":"HTTP"},"protocol_summary_fr":"GET \/favicon.ico \u00b7 UA Mozilla\/5.0 (X11; Linux x86_64; rv:142.0) Gecko\u2026 \u00b7 HTTP:8899","evidence_snippet":"GET \/favicon.ico HTTP\/1.1\r\nHost: 62.3.50.33\r\nUser-Agent: Mozilla\/5.0 (X11; Linux x86_64; rv:142.0) Gecko\/20100101 Firefox\/142.0","target_port_label":"8899 \u00b7 HTTP","emulator_service":"http","confidence_reason":"Confiance 50 % \u2014 Motif catalogue confirm\u00e9 \u00b7 3 tag(s) WAF","classification_reason":"Type \u00ab xss_attack \u00bb (signaux protocolaires) \u00b7 confiance 50%","classification_reason_label_fr":"Type \u00ab xss_attack \u00bb (signaux protocolaires) \u00b7 confiance 50%","confidence_factors_fr":"Confiance 50 % \u2014 Score WAF 84 \u00b7 3 tag(s) WAF","payload_preview":"GET \/favicon.ico HTTP\/1.1\r\nHost: 62.3.50.33\r\nUser-Agent: Mozilla\/5.0 (X11; Linux x86_64; rv:142.0) Gecko\/20100101 Firefox\/142.0"},"events":[],"total_events":0}