You can check the status of each log source and its most recent log entries here.
| Time | Source | Level | Host | Message |
|---|---|---|---|---|
| 11:54:12 | Firewall | BLOCK | fw-01 | Outbound connection blocked: 185.220.101.42:443 → fileserver-01 |
| 11:54:01 | Access Log | INFO | fileserver-01 | GET /admin/files/confidential/ HTTP/1.1 200 admin.tanaka |
| 11:53:48 | Process Log | WARN | win-client-23 | powershell.exe spawned by cmd.exe: -EncodedCommand SGVsbG8= |
| 11:53:30 | IDS / IPS | ALERT | ids-01 | Signature match: ET POLICY PE EXE or DLL Windows file download |
| 11:53:12 | Endpoint | INFO | win-client-23 | File created: C:\Users\sato.yuki\AppData\Local\Temp\tmp_8f3a.exe |
| 11:52:55 | Firewall | BLOCK | fw-01 | Inbound connection blocked: 203.0.113.91:41822 → cloud-auth:443 |
| 11:52:40 | Access Log | ERROR | cloud-auth | Authentication failed: user@acme.corp (attempt 12/15) from 203.0.113.91 |
| 11:52:18 | VPN | INFO | vpn-gw | VPN session established: admin.tanaka / 185.220.101.42 (Amsterdam, NL) |
| 11:51:44 | Firewall | INFO | fw-01 | Outbound HTTPS allowed: linux-app-04 → 198.51.100.24:443 |
| 11:51:20 | IDS / IPS | ALERT | ids-01 | C2 beacon pattern detected: linux-app-04 → 198.51.100.24 (interval: 60s) |
| 11:50:55 | Operation Log | WARN | linux-app-04 | Privileged command executed: sudo chmod 777 /etc/shadow by sato.yuki |
| 11:50:30 | Process Log | INFO | win-client-23 | Process started: wscript.exe /e:vbscript C:\Temp\update.vbs |