{"ip":"69.5.20.93","exported_at":"2026-06-18T03:49:20+00:00","period_days":1,"metrics":{"events7d":15,"distinct_ports":3,"distinct_classifications":6,"max_severity":8,"last_sensor_id":"paris-1","max_waf_score":16,"max_risk_score":48,"attack_stage":"exploit_attempt","attack_chain_stage":"exploitation","threat_family":["unknown"],"recommended_action":"monitor","confidence":0.62,"risk_breakdown":{"waf":72,"classification":80,"behavior":0,"geo":0,"protocol":33,"novelty":15},"mitre_tactics":["TA0001","TA0002"],"mitre_technique":"TA0001","top_mitre_technique":"TA0001","top_mitre_count":10,"executive_one_liner_fr":"Activit\u00e9 suspecte \u2014 risque 46\/100 (Moyen) \u2014 MITRE TA0001 \u2014 confiance 62 % \u2014 via HTTP \u2014 multi-protocole (2 protocoles \u00b7 5 min)","campaign_hint_fr":null,"confidence_breakdown":{"waf":72,"classification":80,"behavior":0,"geo":0,"protocol":33,"novelty":15,"risk_score":46,"correlation_boost":8},"persona_hostname":"mail.sensor-1.internal","correlation_flags":["multi_protocol_correlation"],"correlation_flags_labels_fr":["Multi-protocole corr\u00e9l\u00e9 (5 min)"],"confidence_pct":62,"confidence_hint_fr":"Corr\u00e9lation +8","sensor_role_label_fr":"Renseignement menaces","tags_summary_labels_fr":["CRS-920350"],"tags_summary":["CRS-920350"],"attack_vector":"ssrf internal \u00b7 via HTTP:7443 \u00b7 (tentative d\u0027exploit)","protocol_details":{"http_method":"GET","http_path":"\/","request_line":"GET \/ HTTP\/1.1","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 Chrome\/120.0.0.0 Safari\/537.36","port":7443,"service":"http","service_label_fr":"HTTP"},"protocol_summary_fr":"GET \/ \u00b7 UA Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7)\u2026 \u00b7 HTTP:7443","evidence_snippet":"GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:7443\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 Chrome\/120","target_port_label":"7443 \u00b7 HTTP","emulator_service":"http","confidence_reason":"Confiance 54 % \u2014 Motif catalogue confirm\u00e9 \u00b7 3 tag(s) WAF","classification_reason":"Type \u00ab ssrf_internal \u00bb (signaux protocolaires) \u00b7 confiance 54%","classification_reason_label_fr":"Type \u00ab ssrf_internal \u00bb (signaux protocolaires) \u00b7 confiance 54%","confidence_factors_fr":"Confiance 62 % \u2014 Score WAF 72 \u00b7 Bonus corr\u00e9lation +8 \u00b7 3 tag(s) WAF","payload_preview":"GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:7443\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 Chrome\/120"},"events":[],"total_events":0}