Active Offenses
5
Events/Sec
247
Flows/Min
89,524
Risk Score
7.3
High Priority Offenses
Multiple Failed Login Attempts
Source: 192.168.1.100 | Type: brute_force
Suspicious Port Scan Detected
Source: 203.0.113.1 | Type: port_scan
Unauthorized File Access
Source: 10.0.0.25 | Type: unauthorized_access
Network Activity
Internal Traffic
85%
External Traffic
15%
Blocked Attempts
124
Search & Reporting
Events Timeline
1,247 events in last hour
Top Sources
firewall.corp.com
45%
web-server-01
32%
domain-controller
23%
Index Status
main
99.8%
security
99.5%
network
98.2%
Machine Learning Alerts
Anomalous User Behavior Detected
User: john.doe@corp.com | Confidence: 87%
ML Model: User Behavior Analytics
All other systems operating normally
No additional anomalies detected
Elasticsearch Query
GET /logstash-*/_search
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-1h"
      }
    }
  }
}
Hits: 1,847 | Took: 124ms
Kibana Visualization
98.7%
Index Health
1.2TB
Data Stored
Logstash Pipeline Status
Input
Beats
Active
Syslog
Active
HTTP
Warning
Filter
Grok
Processing
Mutate
Processing
GeoIP
Processing
Output
Elasticsearch
Active
Kafka
Active
File
Active
Network Packet Analysis
Time | Source | Destination | Protocol | Length | Info
03:17:45.123 | 192.168.1.100 | 8.8.8.8 | TCP | 1420 | HTTP GET Request
03:17:45.124 | 10.0.0.25 | 172.16.0.50 | UDP | 512 | DNS Query
03:17:45.125 | 203.0.113.1 | 192.168.1.100 | TCP | 64 | Port Scan Attempt
Protocol Distribution
TCP
65%
UDP
25%
ICMP
10%
Traffic Statistics
2,847
Packets
89.4MB
Bandwidth
7
Anomalies
3.2ms
Latency
12
Active Threats
347
Vulnerabilities
1,247
IOCs
92.3%
Detection Rate
High Priority Threats
APT: 185.234.72.123
Type: ip | Confidence: 95%
Source: IBM X-Force
Ransomware: malware.example.com
Type: domain | Confidence: 87%
Source: VirusTotal
User Activity Patterns
Normal Login Hours
08:00 - 18:00
After Hours Activity
3 users
Anomalous Activities
2 activities
Network Behavior
Baseline Traffic
145 MB/s
Current Traffic
189 MB/s
Anomaly Score
7.2/10