{"ip":"5.61.209.33","exported_at":"2026-06-19T21:42:21+00:00","period_days":7,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":"exploit_attempt","attack_chain_stage":"exploitation","threat_family":["unknown"],"recommended_action":"investigate","confidence":0.62,"risk_breakdown":{"waf":84,"classification":72,"behavior":0,"geo":0,"protocol":25,"novelty":15},"mitre_tactics":["TA0001","TA0002"],"mitre_technique":"TA0001","top_mitre_technique":"TA0001","top_mitre_count":25,"executive_one_liner_fr":"Activit\u00e9 suspecte \u2014 risque 51\/100 (Moyen) \u2014 MITRE TA0001 \u2014 confiance 62 % \u2014 via HTTP","campaign_hint_fr":null,"confidence_breakdown":{"waf":84,"classification":72,"behavior":0,"geo":0,"protocol":25,"novelty":15,"risk_score":51},"persona_hostname":"mail.sensor-1.internal","correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":62,"confidence_hint_fr":null,"sensor_role_label_fr":"Renseignement menaces","tags_summary_labels_fr":["MITRE-T1190"],"tags_summary":["MITRE-T1190"],"attack_vector":"exploit attempt \u00b7 via HTTP:90 \u00b7 (tentative d\u0027exploit) \u00b7 \u2192 \/SDK\/webLanguage","protocol_details":{"http_method":"GET","http_path":"\/SDK\/webLanguage","request_line":"GET \/SDK\/webLanguage HTTP\/1.1","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/90.0.4430.85 Safari\/537.36 Edg\/\u2026","port":90,"service":"http","service_label_fr":"HTTP"},"protocol_summary_fr":"GET \/SDK\/webLanguage \u00b7 UA Mozilla\/5.0 (Windows NT 10.0; Win64; x64) Apple\u2026 \u00b7 HTTP:90","evidence_snippet":"GET \/SDK\/webLanguage HTTP\/1.1\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chro","target_port_label":"90 \u00b7 HTTP","emulator_service":"http","confidence_reason":"Confiance 62 % \u2014 3 tag(s) WAF","classification_reason":"Tentative d\u0027exploit (tag rce-0) \u00b7 confiance 62%","classification_reason_label_fr":"Tentative d\u0027exploit (tag rce-0) \u00b7 confiance 62%","confidence_factors_fr":"Confiance 62 % \u2014 Score WAF 84 \u00b7 3 tag(s) WAF","payload_preview":"GET \/SDK\/webLanguage HTTP\/1.1\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chro"},"events":[],"total_events":0}