Security Operations Center (Overview)
Hybrid workspace consolidating Sentinel analytics metrics and Google Chronicle entity tracking.
Ingestion Rate: 14,852 EPS (▲ +12.4%)
Active Incidents: 6 Open (▼ -18.2%)
Monitored Assets: 1,489 Active (▲ +2.1%)
Consensus Health: 100% Stable (▲ 0.0%)
Geovelocity Impossible Travel Visualizer
Real-time mapping of concurrent SSO credential requests by geolocation.
Map view: Boston, US (User Host) → Impossible Travel → Tokyo, JP (Unauthorized login)
Telemetry Data Marts
Windows Event Mart (Active Directory logs): STABLE
Linux Syslog & eBPF (Syslog kernel traces): STABLE
Firewall Flow Mart (Ingestion flow records): STABLE
Identity Governance Mart (MFA, Saviynt log traces): ALERT
Actionable Security Alerts Grid
Correlated security events mapped to MITRE TTPs and inline containment triggers
| Threat ID | Incident Details | MITRE TTP | Exposure Entity Target | Raw Syslog Preview | Severity | Status | Actions |
|---|---|---|---|---|---|---|---|
| SEC-902 | Account Takeover (ATO) - Impossible Travel Anomaly Source: Tokyo, JP & Boston, US | T1078 | KVM:4a12c984:AppInstance-B | sshd: Accepted publickey for sridhargs from 185.220.101.5 | CRITICAL | ACTIVE | |
| SEC-903 | Active Directory Password Spray Attack Source: 10.101.40.2 (Local vNIC) | T1110 | ESXi:f0f1882a:AppInstance-C | krb5: Kerberos login failure for user admin - Preauth failed | HIGH | ACTIVE | |
| SEC-904 | Container Privilege Elevation eBPF Alert Source: Container ID: c52ea7b | T1548 | KVM:4a12c984:AppInstance-A | auditd: execve command: sudo rm -rf /etc/hosts (uid=1001) | HIGH | ACTIVE | |
| SEC-905 | Tandem Legacy System SMF Journal Level Override Source: Tandem LegacyTel Bridge | T1562 | ZOS:LPAR2:RACF_MGR | LegacyTel: RACF Audit override level set to: NONE | CRITICAL | ACTIVE | |