Reasons
- High severity activity observed on a single node; enforcement applied based on severity.
- Further attacks observed within a short window; permanent ban applied based on indicators of persistence attacks.
MITRE ATT&CK Mappings
- Tactics: Initial Access
- Techniques: T1190
Evidence
- Nodes observed: 1
- Severity: CRITICAL
- TTL remaining: 12d 7h