Reasons
- Detected activity is a limited amount of firewall scenarios.
- Observed on a single node, indicating non-distributed activity at time of detection.
No MITRE ATT&CK mappings available for this decision.
Evidence
- Nodes observed: 1
- Severity: LOW
- TTL remaining: 3d 10h