FortiWeb Report

Uploaded by

Septis Sitpes
FortiWeb Report
  
Company Name:    Fujitsu
Report Title:    dd
Generated on:    Sat Jan 14 16:07:12 2023
Period:    2023-01-07 00:00 - 2023-01-13 23:59
Filters:    None
Scheduled at:    Every day at 11:15

Table of Contents

PCI
  Attack by Time
  Top Attack Types by Date
  Top Attack Types by Month
  Top Attack Types by Day of Week
  Top Attack Types by Hour of Day
Traffic
  Top Traffic Summary
  Top Policies
  Top Services
  Top Sources
  Top Destinations
  Top Destinations By Top Source
  Top Sources By Top Destination
  Top Source Countries
  Top Http Host
  Top User Name
  Top Http Referer
  Top Http Version
  Top Client Device ID
  By Time
  Top Destinations By Date
  Top Destinations By Hour of Day
  Top Destinations By Day of Week
  Top Destinations By Month
  Top Sources By Date
  Top Sources By Hour of Day
  Top Sources By Day of Week
  Top Sources By Month
Attack
  Attack by Time
  Top Attack Types by Date
  Top Attack Types by Month
  Top Attack Types by Day of Week
  Top Attack Types by Hour of Day
  Attacks By Date
  Top Attack Severity by Date
  Top Attack Severity by Month
  Top Attack Severity by Day of Week
  Top Attack Severity by Hour of Day
  Top Attacks Summary
  Top Attack Sources
  Top Attacked Destinations
  Top Attack Types
  Top Attack Protocols by Type
  Attack Categories by Type
  Top Attack Severities by Action
  Top Attack Destinations by Type
  Top Attack Destinations by Source
  Top Attack Types by Source
  Top Attacked Http methods by Type
  Attacks By Policy
  Top Attack URLs
  Top Attacked User Identifications
  Top Triggered Source Countries
  Top Triggered Signature IDs
  Top Triggered Signature IDs By Type
  FortiSandbox Statistics (Last 7 Days)
  Top Attacked Http Host
  Top Attacked User Name
  Top Attacked Http Referer
  Top Attacked Http Version
  Top Threat Weights by Client Device IDs
  Top Attack Attempts by Client Device IDs
  Top Attack Categories by Client Device IDs
  Attack Summary
  Attack Details
Event
  By Hour Of Day
  Top Critical Events By Hour Of Day
  Top Warning Events By Hour Of Day
  Top Information Events By Hour Of Day
  Top Emergency Events By Hour Of Day
  Top Alert Events By Hour Of Day
  Top Error Events By Hour Of Day
  Top Notification Events By Hour Of Day
  Top Events by Hour Of Day
  Top Event Categories by Hour of Day
  By Date
  Top Critical Events By Date
  Top Warning Events By Date
  Top Information Events By Date
  Top Emergency Events By Date
  Top Alert Events By Date
  Top Error Events By Date
  Top Notification Events By Date
  Top Events by Date
  Top Event Categories by Date
  Others
  Top Event Categories by Status
  Top Events
  Top Event Categories
  Top Event Types
  Top Failed Authentication Events By Day
  Top Failed Authentication Events By Week
  Top Authentication Events By User

PCI

Attack by Time

Top Attack Types by Date

The daily breakdown of the most frequently detected attack types.


Top Attack Types by Date
Date Attack Type Events Percent
2023-01-07 HTTP Connection Failure 12831 88.90%
Generic Attacks(Extended) 678 4.70%
SQL/XSS Syntax Based Detection 360 2.49%
Other(9) 564 3.91%
Subtotal(12) 14433 0.26%
2023-01-08 HTTP Connection Failure 14480 89.31%
Generic Attacks(Extended) 969 5.98%
Generic Attacks 260 1.60%
Other(8) 505 3.11%
Subtotal(11) 16214 0.29%
2023-01-09 HTTP Connection Failure 13774 29.39%
Generic Attacks(Extended) 11321 24.16%
Generic Attacks 8716 18.60%
Other(11) 13049 27.85%
Subtotal(14) 46860 0.84%
2023-01-10 HTTP Connection Failure 1970880 98.94%
Generic Attacks(Extended) 9238 0.46%
Generic Attacks 6619 0.33%
Other(9) 5304 0.27%
Subtotal(12) 1992041 35.66%
2023-01-11 HTTP Connection Failure 3407671 99.38%
Generic Attacks(Extended) 9644 0.28%
Generic Attacks 5205 0.15%
Other(9) 6245 0.18%
Subtotal(12) 3428765 61.37%
2023-01-12 HTTP Connection Failure 14179 42.51%
Generic Attacks(Extended) 9541 28.61%
Generic Attacks 4129 12.38%
Other(8) 5505 16.50%
Subtotal(11) 33354 0.60%
2023-01-13 HTTP Connection Failure 13461 24.33%
SQL Injection 11250 20.34%
Generic Attacks(Extended) 8813 15.93%
Other(12) 21795 39.40%
Subtotal(15) 55319 0.99%
Total(7) 5586986 100.00%

Top Attack Types by Month

The monthly breakdown of the most frequently detected attack types.


Top Attack Types by Month
Month Attack Type Events Percent
2023-jan HTTP Connection Failure 5447276 97.50%
Generic Attacks(Extended) 50204 0.90%
Generic Attacks 31691 0.57%
Other(12) 57815 1.03%
Subtotal(15) 5586986 100.00%
Total(1) 5586986 100.00%

Top Attack Types by Day of Week

The daily breakdown of the most frequently detected attack types.


Top Attack Types by Day of Week
Day of Week Attack Type Events Percent
MON HTTP Connection Failure 13774 29.39%
Generic Attacks(Extended) 11321 24.16%
Generic Attacks 8716 18.60%
Other(11) 13049 27.85%
Subtotal(14) 46860 0.84%
TUE HTTP Connection Failure 1970880 98.94%
Generic Attacks(Extended) 9238 0.46%
Generic Attacks 6619 0.33%
Other(9) 5304 0.27%
Subtotal(12) 1992041 35.66%
WED HTTP Connection Failure 3407671 99.38%
Generic Attacks(Extended) 9644 0.28%
Generic Attacks 5205 0.15%
Other(9) 6245 0.18%
Subtotal(12) 3428765 61.37%
THU HTTP Connection Failure 14179 42.51%
Generic Attacks(Extended) 9541 28.61%
Generic Attacks 4129 12.38%
Other(8) 5505 16.50%
Subtotal(11) 33354 0.60%
FRI HTTP Connection Failure 13461 24.33%
SQL Injection 11250 20.34%
Generic Attacks(Extended) 8813 15.93%
Other(12) 21795 39.40%
Subtotal(15) 55319 0.99%
SAT HTTP Connection Failure 12831 88.90%
Generic Attacks(Extended) 678 4.70%
SQL/XSS Syntax Based Detection 360 2.49%
Other(9) 564 3.91%
Subtotal(12) 14433 0.26%
SUN HTTP Connection Failure 14480 89.31%
Generic Attacks(Extended) 969 5.98%
Generic Attacks 260 1.60%
Other(8) 505 3.11%
Subtotal(11) 16214 0.29%
Total(7) 5586986 100.00%


Top Attack Types by Hour of Day

The hourly breakdown of the most frequently detected attack types.


Top Attack Types by Hour of Day
Hour Attack Type Events Percent
00:00 - 01:00 HTTP Connection Failure 216992 99.84%
Generic Attacks(Extended) 209 0.10%
Machine Learning 50 0.02%
Other(7) 91 0.04%
Subtotal(10) 217342 3.89%
01:00 - 02:00 HTTP Connection Failure 216073 99.82%
Generic Attacks 136 0.06%
Generic Attacks(Extended) 134 0.06%
Other(7) 124 0.06%
Subtotal(10) 216467 3.87%
02:00 - 03:00 HTTP Connection Failure 215640 99.91%
Generic Attacks(Extended) 90 0.04%
Known Bots Detection 60 0.03%
Other(5) 47 0.02%
Subtotal(8) 215837 3.86%
03:00 - 04:00 HTTP Connection Failure 215118 99.83%
Known Bots Detection 241 0.11%
Generic Attacks(Extended) 86 0.04%
Other(6) 37 0.02%
Subtotal(9) 215482 3.86%
04:00 - 05:00 HTTP Connection Failure 213567 99.89%
Known Bots Detection 82 0.04%
Generic Attacks(Extended) 73 0.03%
Other(6) 75 0.04%
Subtotal(9) 213797 3.83%
05:00 - 06:00 HTTP Connection Failure 213342 99.91%
Generic Attacks(Extended) 112 0.05%
Known Bots Detection 47 0.02%
Other(6) 24 0.01%
Subtotal(9) 213525 3.82%
06:00 - 07:00 HTTP Connection Failure 212636 99.89%
Generic Attacks(Extended) 115 0.05%
Known Bots Detection 59 0.03%
Other(6) 65 0.03%
Subtotal(9) 212875 3.81%
Other(17) 4081661 73.06%
Total(24) 5586986 100.00%

Traffic

Top Traffic Summary

Top Policies

The firewall policies with the most attempts.


Top Policies
Policy Events Percent
Pol_expinterweb 8259488 53.25%
Pol_delta 6729852 43.39%
Pol_Prensa_https_SNI 250296 1.61%
Pol_Preinterweb 135491 0.87%
Pol_prensa 88289 0.57%
Pol_Pruebasdelta 21141 0.14%
Pol_libreriavirtual 17836 0.11%
Other(2) 9478 0.06%
Total(9) 15511871 100.00%

Top Services

The Internet services with the most policy attempts.


Top Services
Service Events Percent
https/tls1.2 15421502 99.42%
http 90369 0.58%
Total(2) 15511871 100.00%

Top Sources

The sources with the most policy attempts.


Top Sources
Source Events Percent
10.128.128.30 269735 1.74%
10.151.68.10 221574 1.43%
10.252.193.94 131429 0.85%
10.16.70.52 122652 0.79%
185.161.117.124 105058 0.68%
10.252.99.25 79203 0.51%
88.151.19.69 78095 0.50%
Other(52232) 14504125 93.50%
Total(52239) 15511871 100.00%


Top Destinations

The destinations with the most policy attempts.


Top Destinations
Destination Events Percent
10.17.210.65 7147490 46.08%
10.17.210.12 6729852 43.39%
10.17.210.29 1111998 7.17%
10.17.210.40 338585 2.18%
10.17.210.18 135491 0.87%
10.17.210.221 21141 0.14%
10.17.210.64 15884 0.10%
Other(3) 11430 0.07%
Total(10) 15511871 100.00%


Top Destinations By Top Source

The destinations with the most traffic events over the reporting period, broken down by
source.
Top Destinations By Top Source
Source Destination Events Percent
10.128.128.30 10.17.210.12 149718 55.51%
10.17.210.29 118569 43.96%
10.17.210.40 1068 0.40%
Other(3) 380 0.14%
Subtotal(6) 269735 1.74%
10.151.68.10 10.17.210.12 120271 54.28%
10.17.210.29 100406 45.31%
10.17.210.40 891 0.40%
Other(1) 6 0.00%
Subtotal(4) 221574 1.43%
10.252.193.94 10.17.210.12 66982 50.96%
10.17.210.29 63973 48.67%
10.17.210.40 474 0.36%
Subtotal(3) 131429 0.85%
10.16.70.52 10.17.210.29 117551 95.84%
10.17.210.12 3389 2.76%
10.17.210.94 1712 1.40%
Subtotal(3) 122652 0.79%
185.161.117.124 10.17.210.65 101568 96.68%
10.17.210.12 3490 3.32%
Subtotal(2) 105058 0.68%
10.252.99.25 10.17.210.12 71594 90.39%
10.17.210.29 4296 5.42%
10.17.210.40 3152 3.98%
Other(3) 161 0.20%
Subtotal(6) 79203 0.51%
88.151.19.69 10.17.210.12 41817 53.55%
10.17.210.65 36278 46.45%
Subtotal(2) 78095 0.50%
Other(52232) 14504125 93.50%
Total(52239) 15511871 100.00%

Top Sources By Top Destination

The sources with the most traffic events over the reporting period, broken down by
destination.
Top Sources By Top Destination
Destination Source Events Percent
10.17.210.65 185.161.117.124 101568 1.42%
188.244.80.248 55143 0.77%
83.247.136.75 40535 0.57%
Other(35817) 6950244 97.24%
Subtotal(35820) 7147490 46.08%
10.17.210.12 10.128.128.30 149718 2.22%
10.151.68.10 120271 1.79%
195.57.52.2 74974 1.11%
Other(13982) 6384889 94.87%
Subtotal(13985) 6729852 43.39%
10.17.210.29 10.128.128.30 118569 10.66%
10.16.70.52 117551 10.57%
10.151.68.10 100406 9.03%
Other(3145) 775472 69.74%
Subtotal(3148) 1111998 7.17%
10.17.210.40 88.221.90.166 13759 4.06%
88.221.90.7 13266 3.92%
23.1.255.118 10081 2.98%
Other(10698) 301479 89.04%
Subtotal(10701) 338585 2.18%
10.17.210.18 10.17.61.224 29527 21.79%
10.17.60.80 17530 12.94%
10.17.60.120 7696 5.68%
Other(813) 80738 59.59%
Subtotal(816) 135491 0.87%
10.17.210.221 10.17.61.119 5343 25.27%
10.17.60.47 1541 7.29%
10.16.25.131 1469 6.95%
Other(355) 12788 60.49%
Subtotal(358) 21141 0.14%
10.17.210.64 87.221.145.73 1056 6.65%
83.47.27.27 945 5.95%
146.70.74.189 857 5.40%
Other(301) 13026 82.01%
Subtotal(304) 15884 0.10%
Other(3) 11430 0.07%
Total(10) 15511871 100.00%

Top Source Countries

Source countries with the most policy attempts.


Top Source Countries
Source Country Events Percent
Spain 12850771 82.84%
Reserved 2133436 13.75%
United States 178910 1.15%
France 121203 0.78%
Germany 83194 0.54%
Netherlands 22133 0.14%
United Kingdom 20709 0.13%
Other(90) 101515 0.65%
Total(97) 15511871 100.00%


Top Http Host

Http Hosts with the most policy attempts.


Top Http Host
Http Host Events Percent
expinterweb.mites.gob.es 8073431 52.05%
delta.mites.gob.es 6729852 43.39%
prensa.mites.gob.es 259728 1.67%
expinterwebseg.mites.gob.es 156533 1.01%
preinterweb.mites.gob.es 134249 0.87%
prensa.empleo.gob.es 76300 0.49%
expinterweb.inclusion.gob.es 29523 0.19%
Other(442) 52255 0.34%
Total(449) 15511871 100.00%


Top User Name

User Names with the most policy attempts.


Top User Name
User Name Events Percent
Unknown 15507198 99.97%
iduranva@mites.gob.es 4637 0.03%
soporte_tecnico_ceres@fnmt.es 24 0.00%
dgtic_aplicacion@gva.es 7 0.00%
SGTIC@MITES.GOB.ES 4 0.00%
8hYTSUFk 1 0.00%
Total(6) 15511871 100.00%


Top Http Referer

Http Referers with the most policy attempts.


Top Http Referer
Http Referer Events Percent
https://delta.mites.gob.es/Delta2Web/gusu/usuarioregistrado.jsp 840497 5.42%
none 689891 4.45%
https://delta.mites.gob.es/Delta2Web/gpat/GestionPat.do 619861 4.00%
https://delta.mites.gob.es/Delta2Web/styles/cabeceras.css 410137 2.64%
https://delta.mites.gob.es/Delta2Web/styles/botones.css 402136 2.59%
https://delta.mites.gob.es/Delta2Web/main/principal.jsp 386801 2.49%
https://expinterweb.mites.gob.es/regcon/css/formularios.css 375640 2.42%
Other(135252) 11786908 75.99%
Total(135259) 15511871 100.00%

Top Http Version

Http Version with the most policy attempts.


Top Http Version
Http Version Events Percent
1.x 15511871 100.00%
Total(1) 15511871 100.00%


Top Client Device ID

Client Device ID with the most policy attempts.


Top Client Device ID
Client Device ID Events Percent
6FB5F7FA90195CB1447E7FBC34526E2CEDC4 122652 0.79%
6F0A8CDAD62F9941E7102C0ED65ABD602780 45233 0.29%
DB86FECBA6EF83E03A835376618E047236FC 38071 0.25%
97E106F0AA7AA284F1FB9F5EB12EEC2425EF 38031 0.25%
D4E112B95E25119753B4E21D87A6925079F0 37941 0.24%
4BE3541395A534749146AE5D8EC80668C49F 37846 0.24%
7878218F037C4658FE8C1470E0FB9FD04025 35260 0.23%
Other(108872) 15156837 97.71%
Total(108879) 15511871 100.00%


By Time

Top Destinations By Date

The daily breakdown of the traffic destination over the reporting period.
Top Destinations By Date
Date Destination Events Percent
2023-01-07 10.17.210.65 190089 55.46%
10.17.210.12 78127 22.79%
10.17.210.29 42223 12.32%
Other(6) 32303 9.42%
Subtotal(9) 342742 2.21%
2023-01-08 10.17.210.65 305140 65.00%
10.17.210.12 82873 17.65%
10.17.210.29 45747 9.75%
Other(6) 35655 7.60%
Subtotal(9) 469415 3.03%
2023-01-09 10.17.210.12 1389399 45.95%
10.17.210.65 1369580 45.29%
10.17.210.29 182341 6.03%
Other(7) 82395 2.72%
Subtotal(10) 3023715 19.49%
2023-01-10 10.17.210.65 1387461 45.64%
10.17.210.12 1356958 44.64%
10.17.210.29 213709 7.03%
Other(7) 81805 2.69%
Subtotal(10) 3039933 19.60%
2023-01-11 10.17.210.12 1385293 45.71%
10.17.210.65 1375424 45.38%
10.17.210.29 194400 6.41%
Other(7) 75673 2.50%
Subtotal(10) 3030790 19.54%
2023-01-12 10.17.210.65 1381336 45.40%
10.17.210.12 1334979 43.88%
10.17.210.29 237376 7.80%
Other(6) 88580 2.91%
Subtotal(9) 3042271 19.61%
2023-01-13 10.17.210.65 1138460 44.42%
10.17.210.12 1102223 43.01%
10.17.210.29 196202 7.66%
Other(7) 126120 4.92%
Subtotal(10) 2563005 16.52%
Total(7) 15511871 100.00%

Top Destinations By Hour of Day

The hourly breakdown of the traffic destination over the reporting period.
Top Destinations By Hour of Day
Hour Destination Events Percent
00:00 - 01:00 10.17.210.65 102236 72.03%
10.17.210.12 15377 10.83%
10.17.210.29 12051 8.49%
Other(6) 12265 8.64%
Subtotal(9) 141929 0.91%
01:00 - 02:00 10.17.210.65 45616 57.52%
10.17.210.40 11930 15.04%
10.17.210.12 11914 15.02%
Other(6) 9845 12.41%
Subtotal(9) 79305 0.51%
02:00 - 03:00 10.17.210.65 25472 54.70%
10.17.210.40 10650 22.87%
10.17.210.29 8162 17.53%
Other(5) 2282 4.90%
Subtotal(8) 46566 0.30%
03:00 - 04:00 10.17.210.65 17049 47.22%
10.17.210.40 7991 22.13%
10.17.210.29 7185 19.90%
Other(5) 3881 10.75%
Subtotal(8) 36106 0.23%
04:00 - 05:00 10.17.210.65 12197 34.03%
10.17.210.40 10075 28.11%
10.17.210.29 6859 19.14%
Other(5) 6706 18.71%
Subtotal(8) 35837 0.23%
05:00 - 06:00 10.17.210.65 14577 43.85%
10.17.210.29 8420 25.33%
10.17.210.40 8151 24.52%
Other(5) 2098 6.31%
Subtotal(8) 33246 0.21%
06:00 - 07:00 10.17.210.65 25842 44.60%
10.17.210.12 12809 22.11%
10.17.210.29 10287 17.75%
Other(5) 9005 15.54%
Subtotal(8) 57943 0.37%
Other(17) 15080939 97.22%
Total(24) 15511871 100.00%


Top Destinations By Day of Week

The daily breakdown of the traffic destination over the reporting period.
Top Destinations By Day of Week
Day of Week Destination Events Percent
MON 10.17.210.12 1389399 45.95%
10.17.210.65 1369580 45.29%
10.17.210.29 182341 6.03%
Other(7) 82395 2.72%
Subtotal(10) 3023715 19.49%
TUE 10.17.210.65 1387461 45.64%
10.17.210.12 1356958 44.64%
10.17.210.29 213709 7.03%
Other(7) 81805 2.69%
Subtotal(10) 3039933 19.60%
WED 10.17.210.12 1385293 45.71%
10.17.210.65 1375424 45.38%
10.17.210.29 194400 6.41%
Other(7) 75673 2.50%
Subtotal(10) 3030790 19.54%
THU 10.17.210.65 1381336 45.40%
10.17.210.12 1334979 43.88%
10.17.210.29 237376 7.80%
Other(6) 88580 2.91%
Subtotal(9) 3042271 19.61%
FRI 10.17.210.65 1138460 44.42%
10.17.210.12 1102223 43.01%
10.17.210.29 196202 7.66%
Other(7) 126120 4.92%
Subtotal(10) 2563005 16.52%
SAT 10.17.210.65 190089 55.46%
10.17.210.12 78127 22.79%
10.17.210.29 42223 12.32%
Other(6) 32303 9.42%
Subtotal(9) 342742 2.21%
SUN 10.17.210.65 305140 65.00%
10.17.210.12 82873 17.65%
10.17.210.29 45747 9.75%
Other(6) 35655 7.60%
Subtotal(9) 469415 3.03%
Total(7) 15511871 100.00%

Top Destinations By Month

The monthly breakdown of the traffic destination over the reporting period.
Top Destinations By Month
Month Destination Events Percent
2023-jan 10.17.210.65 7147490 46.08%
10.17.210.12 6729852 43.39%
10.17.210.29 1111998 7.17%
Other(7) 522531 3.37%
Subtotal(10) 15511871 100.00%
Total(1) 15511871 100.00%

Top Sources By Date

The daily breakdown of the traffic source over the reporting period.
Top Sources By Date
Date Source Events Percent
2023-01-07 10.16.70.52 20859 6.09%
188.78.58.68 6398 1.87%
92.178.233.83 5189 1.51%
Other(3864) 310296 90.53%
Subtotal(3867) 342742 2.21%
2023-01-08 10.16.70.52 20833 4.44%
10.16.80.86 6151 1.31%
10.16.80.21 6134 1.31%
Other(4326) 436297 92.94%
Subtotal(4329) 469415 3.03%
2023-01-09 10.128.128.30 52977 1.75%
10.151.68.10 50267 1.66%
10.252.193.94 24586 0.81%
Other(14701) 2895885 95.77%
Subtotal(14704) 3023715 19.49%
2023-01-10 10.151.68.10 48935 1.61%
10.128.128.30 43996 1.45%
10.252.99.25 26416 0.87%
Other(14946) 2920586 96.07%
Subtotal(14949) 3039933 19.60%
2023-01-11 10.128.128.30 60642 2.00%
10.151.68.10 39780 1.31%
10.252.193.94 29129 0.96%
Other(17426) 2901239 95.73%
Subtotal(17429) 3030790 19.54%
2023-01-12 10.128.128.30 62603 2.06%
10.151.68.10 51342 1.69%
10.252.193.94 33309 1.09%
Other(19310) 2895017 95.16%
Subtotal(19313) 3042271 19.61%
2023-01-13 10.128.128.30 47838 1.87%
10.151.68.10 30628 1.20%
10.17.61.224 29527 1.15%
Other(18135) 2455012 95.79%
Subtotal(18138) 2563005 16.52%
Total(7) 15511871 100.00%

Top Sources By Hour of Day

The hourly breakdown of the traffic source over the reporting period.
Top Sources By Hour of Day
Hour Source Events Percent
00:00 - 01:00 88.3.112.2 15011 10.58%
88.1.85.60 9576 6.75%
10.16.70.52 6077 4.28%
Other(4233) 111265 78.39%
Subtotal(4236) 141929 0.91%
01:00 - 02:00 10.16.70.52 6075 7.66%
88.15.145.131 2160 2.72%
145.1.252.159 2144 2.70%
Other(4759) 68926 86.91%
Subtotal(4762) 79305 0.51%
02:00 - 03:00 10.16.70.52 6079 13.05%
158.172.138.59 1725 3.70%
46.222.52.215 1463 3.14%
Other(4521) 37299 80.10%
Subtotal(4524) 46566 0.30%
03:00 - 04:00 10.16.70.52 6074 16.82%
79.109.179.21 2531 7.01%
195.200.254.142 2146 5.94%
Other(3593) 25355 70.22%
Subtotal(3596) 36106 0.23%
04:00 - 05:00 10.16.70.52 6089 16.99%
195.200.254.142 4463 12.45%
90.161.72.148 1008 2.81%
Other(4523) 24277 67.74%
Subtotal(4526) 35837 0.23%
05:00 - 06:00 10.16.70.52 6074 18.27%
62.175.96.120 1223 3.68%
2.139.143.229 1022 3.07%
Other(3791) 24927 74.98%
Subtotal(3794) 33246 0.21%
06:00 - 07:00 10.16.70.52 6083 10.50%
139.47.72.183 2238 3.86%
194.69.224.14 2127 3.67%
Other(3277) 47495 81.97%
Subtotal(3280) 57943 0.37%
Other(17) 15080939 97.22%
Total(24) 15511871 100.00%

Top Sources By Day of Week

The daily breakdown of the traffic source over the reporting period.
Top Sources By Day of Week
Day of Week Source Events Percent
MON 10.128.128.30 52977 1.75%
10.151.68.10 50267 1.66%
10.252.193.94 24586 0.81%
Other(14701) 2895885 95.77%
Subtotal(14704) 3023715 19.49%
TUE 10.151.68.10 48935 1.61%
10.128.128.30 43996 1.45%
10.252.99.25 26416 0.87%
Other(14946) 2920586 96.07%
Subtotal(14949) 3039933 19.60%
WED 10.128.128.30 60642 2.00%
10.151.68.10 39780 1.31%
10.252.193.94 29129 0.96%
Other(17426) 2901239 95.73%
Subtotal(17429) 3030790 19.54%
THU 10.128.128.30 62603 2.06%
10.151.68.10 51342 1.69%
10.252.193.94 33309 1.09%
Other(19310) 2895017 95.16%
Subtotal(19313) 3042271 19.61%
FRI 10.128.128.30 47838 1.87%
10.151.68.10 30628 1.20%
10.17.61.224 29527 1.15%
Other(18135) 2455012 95.79%
Subtotal(18138) 2563005 16.52%
SAT 10.16.70.52 20859 6.09%
188.78.58.68 6398 1.87%
92.178.233.83 5189 1.51%
Other(3864) 310296 90.53%
Subtotal(3867) 342742 2.21%
SUN 10.16.70.52 20833 4.44%
10.16.80.86 6151 1.31%
10.16.80.21 6134 1.31%
Other(4326) 436297 92.94%
Subtotal(4329) 469415 3.03%
Total(7) 15511871 100.00%

Top Sources By Month

The monthly breakdown of the traffic source over the reporting period.
Top Sources By Month
Month Source Events Percent
2023-jan 10.128.128.30 269735 1.74%
10.151.68.10 221574 1.43%
10.252.193.94 131429 0.85%
Other(52236) 14889133 95.99%
Subtotal(52239) 15511871 100.00%
Total(1) 15511871 100.00%


Attack

Attack by Time

Top Attack Types by Date

The daily breakdown of the most frequently detected attack types.


Top Attack Types by Date
Date Attack Type Events Percent
2023-01-07 HTTP Connection Failure 12831 88.90%
Generic Attacks(Extended) 678 4.70%
SQL/XSS Syntax Based Detection 360 2.49%
Other(9) 564 3.91%
Subtotal(12) 14433 0.26%
2023-01-08 HTTP Connection Failure 14480 89.31%
Generic Attacks(Extended) 969 5.98%
Generic Attacks 260 1.60%
Other(8) 505 3.11%
Subtotal(11) 16214 0.29%
2023-01-09 HTTP Connection Failure 13774 29.39%
Generic Attacks(Extended) 11321 24.16%
Generic Attacks 8716 18.60%
Other(11) 13049 27.85%
Subtotal(14) 46860 0.84%
2023-01-10 HTTP Connection Failure 1970880 98.94%
Generic Attacks(Extended) 9238 0.46%
Generic Attacks 6619 0.33%
Other(9) 5304 0.27%
Subtotal(12) 1992041 35.66%
2023-01-11 HTTP Connection Failure 3407671 99.38%
Generic Attacks(Extended) 9644 0.28%
Generic Attacks 5205 0.15%
Other(9) 6245 0.18%
Subtotal(12) 3428765 61.37%
2023-01-12 HTTP Connection Failure 14179 42.51%
Generic Attacks(Extended) 9541 28.61%
Generic Attacks 4129 12.38%
Other(8) 5505 16.50%
Subtotal(11) 33354 0.60%
2023-01-13 HTTP Connection Failure 13461 24.33%
SQL Injection 11250 20.34%
Generic Attacks(Extended) 8813 15.93%
Other(12) 21795 39.40%
Subtotal(15) 55319 0.99%
Total(7) 5586986 100.00%

Top Attack Types by Month

The monthly breakdown of the most frequently detected attack types.


Top Attack Types by Month
Month Attack Type Events Percent
2023-jan HTTP Connection Failure 5447276 97.50%
Generic Attacks(Extended) 50204 0.90%
Generic Attacks 31691 0.57%
Other(12) 57815 1.03%
Subtotal(15) 5586986 100.00%
Total(1) 5586986 100.00%


Top Attack Types by Day of Week

The daily breakdown of the most frequently detected attack types.


Top Attack Types by Day of Week
Day of Week Attack Type Events Percent
MON HTTP Connection Failure 13774 29.39%
Generic Attacks(Extended) 11321 24.16%
Generic Attacks 8716 18.60%
Other(11) 13049 27.85%
Subtotal(14) 46860 0.84%
TUE HTTP Connection Failure 1970880 98.94%
Generic Attacks(Extended) 9238 0.46%
Generic Attacks 6619 0.33%
Other(9) 5304 0.27%
Subtotal(12) 1992041 35.66%
WED HTTP Connection Failure 3407671 99.38%
Generic Attacks(Extended) 9644 0.28%
Generic Attacks 5205 0.15%
Other(9) 6245 0.18%
Subtotal(12) 3428765 61.37%
THU HTTP Connection Failure 14179 42.51%
Generic Attacks(Extended) 9541 28.61%
Generic Attacks 4129 12.38%
Other(8) 5505 16.50%
Subtotal(11) 33354 0.60%
FRI HTTP Connection Failure 13461 24.33%
SQL Injection 11250 20.34%
Generic Attacks(Extended) 8813 15.93%
Other(12) 21795 39.40%
Subtotal(15) 55319 0.99%
SAT HTTP Connection Failure 12831 88.90%
Generic Attacks(Extended) 678 4.70%
SQL/XSS Syntax Based Detection 360 2.49%
Other(9) 564 3.91%
Subtotal(12) 14433 0.26%
SUN HTTP Connection Failure 14480 89.31%
Generic Attacks(Extended) 969 5.98%
Generic Attacks 260 1.60%
Other(8) 505 3.11%
Subtotal(11) 16214 0.29%
Total(7) 5586986 100.00%


Top Attack Types by Hour of Day

The hourly breakdown of the most frequently detected attack types.


Top Attack Types by Hour of Day
Hour Attack Type Events Percent
00:00 - 01:00 HTTP Connection Failure 216992 99.84%
Generic Attacks(Extended) 209 0.10%
Machine Learning 50 0.02%
Other(7) 91 0.04%
Subtotal(10) 217342 3.89%
01:00 - 02:00 HTTP Connection Failure 216073 99.82%
Generic Attacks 136 0.06%
Generic Attacks(Extended) 134 0.06%
Other(7) 124 0.06%
Subtotal(10) 216467 3.87%
02:00 - 03:00 HTTP Connection Failure 215640 99.91%
Generic Attacks(Extended) 90 0.04%
Known Bots Detection 60 0.03%
Other(5) 47 0.02%
Subtotal(8) 215837 3.86%
03:00 - 04:00 HTTP Connection Failure 215118 99.83%
Known Bots Detection 241 0.11%
Generic Attacks(Extended) 86 0.04%
Other(6) 37 0.02%
Subtotal(9) 215482 3.86%
04:00 - 05:00 HTTP Connection Failure 213567 99.89%
Known Bots Detection 82 0.04%
Generic Attacks(Extended) 73 0.03%
Other(6) 75 0.04%
Subtotal(9) 213797 3.83%
05:00 - 06:00 HTTP Connection Failure 213342 99.91%
Generic Attacks(Extended) 112 0.05%
Known Bots Detection 47 0.02%
Other(6) 24 0.01%
Subtotal(9) 213525 3.82%
06:00 - 07:00 HTTP Connection Failure 212636 99.89%
Generic Attacks(Extended) 115 0.05%
Known Bots Detection 59 0.03%
Other(6) 65 0.03%
Subtotal(9) 212875 3.81%
Other(17) 4081661 73.06%
Total(24) 5586986 100.00%


Attacks By Date

The daily breakdown of the number of detected attacks.


Attacks By Date
Date Events Percent
2023-01-07 14433 0.26%
2023-01-08 16214 0.29%
2023-01-09 46860 0.84%
2023-01-10 1992041 35.66%
2023-01-11 3428765 61.37%
2023-01-12 33354 0.60%
2023-01-13 55319 0.99%
Total(7) 5586986 100.00%


Top Attack Severity by Date

The daily breakdown of the most frequently detected attack severity.


Top Attack Severity by Date
Date Severity Events Percent
2023-01-07 low 12847 89.01%
high 774 5.36%
medium 689 4.77%
Other(1) 123 0.85%
Subtotal(4) 14433 0.26%
2023-01-08 low 14596 90.02%
medium 987 6.09%
high 425 2.62%
Other(1) 206 1.27%
Subtotal(4) 16214 0.29%
2023-01-09 low 16598 35.42%
high 15689 33.48%
medium 13003 27.75%
Other(1) 1570 3.35%
Subtotal(4) 46860 0.84%
2023-01-10 low 1971036 98.95%
high 9906 0.50%
medium 9386 0.47%
Other(1) 1713 0.09%
Subtotal(4) 1992041 35.66%
2023-01-11 low 3408273 99.40%
medium 9840 0.29%
high 9065 0.26%
Other(1) 1587 0.05%
Subtotal(4) 3428765 61.37%
2023-01-12 low 14222 42.64%
medium 9681 29.03%
high 7887 23.65%
Other(1) 1564 4.69%
Subtotal(4) 33354 0.60%
2023-01-13 high 23883 43.17%
low 16035 28.99%
medium 14134 25.55%
Other(1) 1267 2.29%
Subtotal(4) 55319 0.99%
Total(7) 5586986 100.00%

Top Attack Severity by Month

The monthly breakdown of the most frequently detected attack severity.


Top Attack Severity by Month
Month Severity Events Percent
2023-jan low 5453607 97.61%
high 67629 1.21%
medium 57720 1.03%
Other(1) 8030 0.14%
Subtotal(4) 5586986 100.00%
Total(1) 5586986 100.00%

Top Attack Severity by Day of Week

The daily breakdown of the most frequently detected attack severity.


Top Attack Severity by Day of Week
Day of Week Severity Events Percent
MON low 16598 35.42%
high 15689 33.48%
medium 13003 27.75%
Other(1) 1570 3.35%
Subtotal(4) 46860 0.84%
TUE low 1971036 98.95%
high 9906 0.50%
medium 9386 0.47%
Other(1) 1713 0.09%
Subtotal(4) 1992041 35.66%
WED low 3408273 99.40%
medium 9840 0.29%
high 9065 0.26%
Other(1) 1587 0.05%
Subtotal(4) 3428765 61.37%
THU low 14222 42.64%
medium 9681 29.03%
high 7887 23.65%
Other(1) 1564 4.69%
Subtotal(4) 33354 0.60%
FRI high 23883 43.17%
low 16035 28.99%
medium 14134 25.55%
Other(1) 1267 2.29%
Subtotal(4) 55319 0.99%
SAT low 12847 89.01%
high 774 5.36%
medium 689 4.77%
Other(1) 123 0.85%
Subtotal(4) 14433 0.26%
SUN low 14596 90.02%
medium 987 6.09%
high 425 2.62%
Other(1) 206 1.27%
Subtotal(4) 16214 0.29%
Total(7) 5586986 100.00%

Top Attack Severity by Hour of Day

The hourly breakdown of the most frequently detected attack severity.


Top Attack Severity by Hour of Day
Hour Severity Events Percent
00:00 - 01:00 low 217001 99.84%
medium 219 0.10%
high 72 0.03%
Other(1) 50 0.02%
Subtotal(4) 217342 3.89%
01:00 - 02:00 low 216093 99.83%
high 217 0.10%
medium 139 0.06%
Other(1) 18 0.01%
Subtotal(4) 216467 3.87%
02:00 - 03:00 low 215640 99.91%
medium 92 0.04%
high 75 0.03%
Other(1) 30 0.01%
Subtotal(4) 215837 3.86%
03:00 - 04:00 low 215123 99.83%
high 253 0.12%
medium 88 0.04%
Other(1) 18 0.01%
Subtotal(4) 215482 3.86%
04:00 - 05:00 low 213571 99.89%
high 138 0.06%
medium 73 0.03%
Other(1) 15 0.01%
Subtotal(4) 213797 3.83%
05:00 - 06:00 low 213349 99.92%
medium 116 0.05%
high 52 0.02%
Other(1) 8 0.00%
Subtotal(4) 213525 3.82%
06:00 - 07:00 low 212638 99.89%
medium 119 0.06%
high 94 0.04%
Other(1) 24 0.01%
Subtotal(4) 212875 3.81%
Other(17) 4081661 73.06%
Total(24) 5586986 100.00%


Top Attacks Summary

Top Attack Sources

The most frequent sources of attacks over the reporting period.


Top Attack Sources
Source Events Percent
193.127.193.53 5345702 95.68%
10.17.61.224 25273 0.45%
0.0.0.0 8030 0.14%
10.17.60.120 6933 0.12%
37.97.137.40 4675 0.08%
206.189.127.129 4674 0.08%
177.222.109.47 3994 0.07%
Other(17398) 187705 3.36%
Total(17405) 5586986 100.00%


Top Attacked Destinations

The most frequently attacked destinations over the reporting period.


Top Attacked Destinations
Destination Events Percent
10.17.210.65 5468092 97.87%
10.17.210.12 61414 1.10%
10.17.210.18 34825 0.62%
0.0.0.0 8030 0.14%
10.17.210.40 4445 0.08%
10.17.210.9 4082 0.07%
10.17.210.29 2169 0.04%
Other(5) 3929 0.07%
Total(12) 5586986 100.00%


Top Attack Types

The most frequently detected attack types over the reporting period.
Top Attack Types
Attack Type Events Percent
HTTP Connection Failure 5447276 97.50%
Generic Attacks(Extended) 50204 0.90%
Generic Attacks 31691 0.57%
SQL Injection 14080 0.25%
SQL/XSS Syntax Based Detection 13885 0.25%
Machine Learning 8030 0.14%
Cross Site Scripting 5642 0.10%
Other(8) 16178 0.29%
Total(15) 5586986 100.00%


Top Attack Protocols by Type

The protocols carrying the most attacks over the reporting period, broken down by attack
type.
Top Attack Protocols by Type
Protocol Attack Type Events Percent
https/tls1.2 HTTP Connection Failure 5432082 97.66%
Generic Attacks(Extended) 50204 0.90%
Generic Attacks 31164 0.56%
Other(11) 48748 0.88%
Subtotal(14) 5562198 99.56%
tcp Machine Learning 8030 100.00%
Subtotal(1) 8030 0.14%
https/tls1.1 HTTP Connection Failure 6262 100.00%
Subtotal(1) 6262 0.11%
https/tls1.0 HTTP Connection Failure 5183 100.00%
Subtotal(1) 5183 0.09%
https/tls1.3 HTTP Connection Failure 2355 100.00%
Subtotal(1) 2355 0.04%
http IP Reputation 1027 65.66%
Generic Attacks 527 33.70%
Cross Site Scripting 5 0.32%
Other(1) 5 0.32%
Subtotal(4) 1564 0.03%
https HTTP Connection Failure 1394 100.00%
Subtotal(1) 1394 0.02%
Total(7) 5586986 100.00%

Attack Categories by Type

The number of attacks for each attack category over the reporting period, broken down by
attack type.
Attack Categories by Type
Category Attack Type Events Percent
HTTP Connection Failure HTTP Connection Failure 5447276 100.00%
Subtotal(1) 5447276 97.50%
Signature Detection Generic Attacks(Extended) 50204 45.65%
Generic Attacks 31691 28.82%
SQL Injection 14080 12.80%
Other(5) 14004 12.73%
Subtotal(8) 109979 1.97%
SQL/XSS Syntax Based Detection SQL/XSS Syntax Based Detection 13885 100.00%
Subtotal(1) 13885 0.25%
Machine Learning Machine Learning 8030 100.00%
Subtotal(1) 8030 0.14%
IP Reputation IP Reputation 3639 100.00%
Subtotal(1) 3639 0.07%
Protected Hostnames Protected Hostnames 2559 100.00%
Subtotal(1) 2559 0.05%
Known Bots Detection Known Bots Detection 1612 100.00%
Subtotal(1) 1612 0.03%
Other(1) 6 0.00%
Total(8) 5586986 100.00%

Top Attack Severities by Action

The most frequently detected attack severities over the reporting period, broken down by
action.
Top Attack Severities by Action
Action Severity Events Percent
Alert_Deny low 5451037 98.65%
high 67275 1.22%
medium 7547 0.14%
Subtotal(3) 5525859 98.91%
Alert medium 50173 82.08%
informative 8030 13.14%
low 2570 4.20%
Other(1) 354 0.58%
Subtotal(4) 61127 1.09%
Total(2) 5586986 100.00%

Top Attack Destinations by Type

The most frequently attacked destinations over the reporting period, broken down by attack
type.
Top Attack Destinations by Type
Destination Attack Type Events Percent
10.17.210.65 HTTP Connection Failure 5415246 99.03%
Generic Attacks(Extended) 48663 0.89%
IP Reputation 3103 0.06%
Other(7) 1080 0.02%
Subtotal(10) 5468092 97.87%
10.17.210.12 Generic Attacks 27327 44.50%
HTTP Connection Failure 18006 29.32%
SQL/XSS Syntax Based Detection 13788 22.45%
Other(5) 2293 3.73%
Subtotal(8) 61414 1.10%
10.17.210.18 SQL Injection 14078 40.42%
Cross Site Scripting 3857 11.08%
Generic Attacks 3758 10.79%
Other(8) 13132 37.71%
Subtotal(11) 34825 0.62%
0.0.0.0 Machine Learning 8030 100.00%
Subtotal(1) 8030 0.14%
10.17.210.40 HTTP Connection Failure 2153 48.44%
Known Bots Detection 1600 36.00%
Generic Attacks 529 11.90%
Other(4) 163 3.67%
Subtotal(7) 4445 0.08%
10.17.210.9 HTTP Connection Failure 4081 99.98%
Known Exploits 1 0.02%
Subtotal(2) 4082 0.07%
10.17.210.29 HTTP Connection Failure 1418 65.38%
Generic Attacks(Extended) 728 33.56%
SQL/XSS Syntax Based Detection 16 0.74%
Other(3) 7 0.32%
Subtotal(6) 2169 0.04%
Other(5) 3929 0.07%
Total(12) 5586986 100.00%


Top Attack Destinations by Source

The most frequently attacked destinations over the reporting period, broken down by
source.
Top Attack Destinations by Source
Destination Source Events Percent
10.17.210.65 193.127.193.53 5345702 97.76%
177.222.109.47 3994 0.07%
192.126.194.33 3648 0.07%
Other(11456) 114748 2.10%
Subtotal(11459) 5468092 97.87%
10.17.210.12 37.97.137.40 4675 7.61%
206.189.127.129 4674 7.61%
195.57.52.2 1389 2.26%
Other(5236) 50676 82.52%
Subtotal(5239) 61414 1.10%
10.17.210.18 10.17.61.224 25273 72.57%
10.17.60.120 6933 19.91%
51.195.190.22 116 0.33%
Other(493) 2503 7.19%
Subtotal(496) 34825 0.62%
0.0.0.0 0.0.0.0 8030 100.00%
Subtotal(1) 8030 0.14%
10.17.210.40 88.221.90.166 248 5.58%
2.22.234.134 189 4.25%
88.221.90.7 181 4.07%
Other(1144) 3827 86.10%
Subtotal(1147) 4445 0.08%
10.17.210.9 157.55.39.89 346 8.48%
157.55.39.201 270 6.61%
40.77.167.40 268 6.57%
Other(352) 3198 78.34%
Subtotal(355) 4082 0.07%
10.17.210.29 10.17.60.168 631 29.09%
10.128.128.30 86 3.96%
10.151.68.10 77 3.55%
Other(300) 1375 63.39%
Subtotal(303) 2169 0.04%
Other(5) 3929 0.07%
Total(12) 5586986 100.00%

Top Attack Types by Source

The most frequently detected attack types over the reporting period, broken down by
source.
Top Attack Types by Source
Attack Type Source Events Percent
HTTP Connection Failure 193.127.193.53 5345702 98.14%
37.97.137.40 4675 0.09%
206.189.127.129 4674 0.09%
Other(8008) 92225 1.69%
Subtotal(8011) 5447276 97.50%
Generic Attacks(Extended) 84.77.228.72 878 1.75%
185.161.117.124 690 1.37%
2.154.117.50 620 1.23%
Other(5442) 48016 95.64%
Subtotal(5445) 50204 0.90%
Generic Attacks 10.17.61.224 2730 8.61%
10.17.60.120 1019 3.22%
195.57.52.2 1005 3.17%
Other(4496) 26937 85.00%
Subtotal(4499) 31691 0.57%
SQL Injection 10.17.61.224 11250 79.90%
10.17.60.120 2828 20.09%
2.136.236.57 1 0.01%
Other(1) 1 0.01%
Subtotal(4) 14080 0.25%
SQL/XSS Syntax Based Detection 195.57.52.2 368 2.65%
217.124.168.105 325 2.34%
10.252.99.25 309 2.23%
Other(1659) 12883 92.78%
Subtotal(1662) 13885 0.25%
Machine Learning 0.0.0.0 8030 100.00%
Subtotal(1) 8030 0.14%
Cross Site Scripting 10.17.61.224 2991 53.01%
10.17.60.120 863 15.30%
10.141.190.206 313 5.55%
Other(362) 1475 26.14%
Subtotal(365) 5642 0.10%
Other(8) 16178 0.29%
Total(15) 5586986 100.00%

Top Attacked Http methods by Type

The most frequently attacked http methods over the reporting period, broken down by
attack type.
Top Attacked Http methods by Type
Http Method Attack Type Events Percent
none HTTP Connection Failure 5447276 99.83%
Machine Learning 8030 0.15%
IP Reputation 1027 0.02%
Subtotal(3) 5456333 97.66%
post Generic Attacks(Extended) 47582 56.67%
Generic Attacks 27176 32.37%
SQL/XSS Syntax Based Detection 5721 6.81%
Other(9) 3484 4.15%
Subtotal(12) 83963 1.50%
get SQL Injection 13768 29.75%
SQL/XSS Syntax Based Detection 8164 17.64%
Generic Attacks 4465 9.65%
Other(10) 19882 42.96%
Subtotal(13) 46279 0.83%
head Known Bots Detection 304 79.79%
Information Disclosure 57 14.96%
Generic Attacks 20 5.25%
Subtotal(3) 381 0.01%
webdav Generic Attacks 24 100.00%
Subtotal(1) 24 0.00%
options Generic Attacks 6 100.00%
Subtotal(1) 6 0.00%
Total(6) 5586986 100.00%

Attacks By Policy

The most frequently used policies over the reporting period.


Attacks By Policy
Policy Events Percent
Pol_expinterweb 5478291 98.05%
Pol_delta 61414 1.10%
Pol_Preinterweb 34825 0.62%
Pol_bibliotecavirtual 4082 0.07%
Pol_Prensa_https_SNI 3892 0.07%
Pol_Pruebasdelta 1674 0.03%
RepositorioDocumental 1208 0.02%
Other(4) 1600 0.03%
Total(11) 5586986 100.00%

Top Attack URLs

The most frequently detected attack URLs over the reporting period.
Top Attack URLs
URL Events Percent
none 5456333 97.66%
/rb_672bda62-27f5-4ac5-a713-9fda56ef7959 45544 0.82%
/Delta2Web/rb_672bda62-27f5-4ac5-a713-9fda56ef7959 24636 0.44%
/Delta2Web/gusu/j_security_check 3666 0.07%
/Delta2Web/gpat/GestionPat.do 3234 0.06%
/avisonotificacion/rb_672bda62-27f5-4ac5-a713-9fda56ef7959 2091 0.04%
/Delta2Web/grem/GestionRemesas.do 1602 0.03%
Other(14406) 49880 0.89%
Total(14413) 5586986 100.00%

Top Attacked User Identifications

The most frequently attacked user identifications over the reporting period.
Top Attacked User Identifications
Session ID Events Percent
none 5461204 97.75%
678B286DEEC1BEF66BBF6EAF4ECBF69A 28188 0.50%
678B286A59AA61CE8ECF7BEF539CFFB3 1338 0.02%
678B286AC93501157353C0C93F4759AE 878 0.02%
678B286A00FFD575674E578B0D4B6B0C 633 0.01%
678B286AA252002FE68319DE8CA86958 631 0.01%
678B286A3670FB26D9A76A82E9701D05 620 0.01%
Other(12640) 93494 1.67%
Total(12647) 5586986 100.00%

Top Triggered Source Countries

Source countries with the most attack attempts.


Top Triggered Source Countries
Source Country Events Percent
Spain 5463750 97.79%
United States 40299 0.72%
Reserved 36582 0.65%
Russian Federation 9100 0.16%
Unknown 8030 0.14%
United Kingdom 6632 0.12%
Netherlands 6139 0.11%
Other(72) 16454 0.29%
Total(79) 5586986 100.00%


Top Triggered Signature IDs

The most frequently triggered signature ID over the reporting period.


Top Triggered Signature IDs
Signature ID Events Percent
060140003 49234 44.77%
050050039 23766 21.61%
030000040 4035 3.67%
030000042 3616 3.29%
030000163 2297 2.09%
050150001 2187 1.99%
010000107 1871 1.70%
Other(90) 22973 20.89%
Total(97) 109979 100.00%


Top Triggered Signature IDs By Type

The most frequently triggered signature ID over the reporting period, broken down by
attack type.
Top Triggered Signature IDs By Type
Attack Type Signature ID Events Percent
Generic Attacks(Extended) 060140003 49234 98.07%
060050011 270 0.54%
060070002 255 0.51%
Other(5) 445 0.89%
Subtotal(8) 50204 45.65%
Generic Attacks 050050039 23766 74.99%
050150001 2187 6.90%
050180008 1594 5.03%
Other(19) 4144 13.08%
Subtotal(22) 31691 28.82%
SQL Injection 030000040 4035 28.66%
030000042 3616 25.68%
030000163 2297 16.31%
Other(7) 4132 29.35%
Subtotal(10) 14080 12.80%
Cross Site Scripting 010000107 1871 33.16%
010000041 1499 26.57%
010000063 580 10.28%
Other(15) 1692 29.99%
Subtotal(18) 5642 5.13%
SQL Injection (Extended) 040000142 1060 23.59%
040000213 931 20.72%
040000040 695 15.47%
Other(5) 1807 40.22%
Subtotal(8) 4493 4.09%
Cross Site Scripting (Extended) 020000009 1411 46.68%
020000041 1411 46.68%
020000143 139 4.60%
Other(4) 62 2.05%
Subtotal(7) 3023 2.75%
Known Exploits 090501484 272 38.15%
090500999 186 26.09%
090501632 80 11.22%
Other(19) 175 24.54%
Subtotal(22) 713 0.65%
Other(1) 133 0.12%
Total(8) 109979 100.00%

FortiSandbox Statistics (Last 7 Days)

FortiSandbox statistics over the last 7 days.


FortiSandbox Statistics (Last 7 Days)
Events Percent
Malicious 0 0.00%
High Risk 0 0.00%
Medium Risk 0 0.00%
Low Risk 0 0.00%
Clean 0 0.00%
Total(5) 0 100.00%


Top Attacked Http Host

Http Hosts with the most attack attempts.


Top Attacked Http Host
Http Host Events Percent
none 5456333 97.66%
expinterweb.mites.gob.es 50990 0.91%
delta.mites.gob.es 43351 0.78%
preinterweb.mites.gob.es 29670 0.53%
prensa.mites.gob.es 1714 0.03%
expinterweb.inclusion.gob.es 1043 0.02%
expinterwebseg.mites.gob.es 637 0.01%
Other(863) 3248 0.06%
Total(870) 5586986 100.00%


Top Attacked User Name

User Names with the most attack attempts.


Top Attacked User Name
User Name Events Percent
Unknown 5586349 99.99%
iduranva@mites.gob.es 631 0.01%
PDELACALLE@HOTMAIL.ES 6 0.00%
Total(3) 5586986 100.00%


Top Attacked Http Referer

Http Referers with the most attack attempts.


Top Attacked Http Referer
Http Referer Events Percent
none 5476550 98.02%
https://expinterweb.mites.gob.es/regcon/ 15682 0.28%
https://delta.mites.gob.es/Delta2Web/grsb/AnadirTrabAcc.jsp?numAcc=0&cmd=nuevo&mes=12&anyo=2022 10369 0.19%
https://expinterweb.mites.gob.es/regcon/index.htm 8830 0.16%
https://preinterweb.mites.gob.es/astin/ 5288 0.09%
https://delta.mites.gob.es/Delta2Web/gusu/usuarioregistrado.jsp 4684 0.08%
https://preinterweb.mites.gob.es/astin/home 4190 0.07%
Other(4334) 61393 1.10%
Total(4341) 5586986 100.00%

Top Attacked Http Version

Http Versions with the most attack attempts.


Top Attacked Http Version
Http Version Events Percent
1.x 5577927 99.84%
unknown 9057 0.16%
2.0 2 0.00%
Total(3) 5586986 100.00%


Top Threat Weights by Client Device IDs

Client Device IDs with the most Threat Weights.


Top Threat Weights by Client Device IDs
Client Device ID Threat Weight Events Percent
none 0 5455306 99.98%
200 1027 0.02%
Subtotal(2) 5456333 97.66%
8C7F8CCE7F28BDD6245CFFDE171AB1076313 100 20068 71.20%
50 4141 14.69%
0 2400 8.51%
Other(3) 1578 5.60%
Subtotal(6) 28187 0.50%
DD49A566DB5903BAE962082E7EC9544F39B1 100 1650 74.32%
50 372 16.76%
0 90 4.05%
Other(2) 108 4.86%
Subtotal(5) 2220 0.04%
FA5FDD2D80CE466DE5A20807CB642FD8E860 200 1338 100.00%
Subtotal(1) 1338 0.02%
DD24CDA18239FD09BC0296E136D495C9E3B4 25 878 100.00%
Subtotal(1) 878 0.02%
304586BE0FB9059FA95170BB0B6A8575230A 200 633 100.00%
Subtotal(1) 633 0.01%
C0A2E074B859E29534224CBA28042EFC5B85 25 612 96.99%
100 19 3.01%
Subtotal(2) 631 0.01%
Other(13406) 96766 1.73%
Total(13413) 5586986 100.00%

Top Attack Attempts by Client Device IDs

Client Device IDs with the most attack attempts.


Top Attack Attempts by Client Device IDs
Client Device ID Attack Type Events Percent
none HTTP Connection Failure 5447276 99.83%
Machine Learning 8030 0.15%
IP Reputation 1027 0.02%
Subtotal(3) 5456333 97.66%
8C7F8CCE7F28BDD6245CFFDE171AB1076313 SQL Injection 11979 42.50%
Cross Site Scripting 3560 12.63%
Generic Attacks 3235 11.48%
Other(6) 9413 33.39%
Subtotal(9) 28187 0.50%
DD49A566DB5903BAE962082E7EC9544F39B1 SQL Injection 1248 56.22%
SQL Injection (Extended) 328 14.77%
Generic Attacks 236 10.63%
Other(5) 408 18.38%
Subtotal(8) 2220 0.04%
FA5FDD2D80CE466DE5A20807CB642FD8E860 IP Reputation 1338 100.00%
Subtotal(1) 1338 0.02%
DD24CDA18239FD09BC0296E136D495C9E3B4 Generic Attacks(Extended) 878 100.00%
Subtotal(1) 878 0.02%
304586BE0FB9059FA95170BB0B6A8575230A IP Reputation 633 100.00%
Subtotal(1) 633 0.01%
C0A2E074B859E29534224CBA28042EFC5B85 Generic Attacks(Extended) 612 96.99%
SQL/XSS Syntax Based Detection 16 2.54%
Known Exploits 3 0.48%
Subtotal(3) 631 0.01%
Other(13406) 96766 1.73%
Total(13413) 5586986 100.00%

Top Attack Categories by Client Device IDs

Client Device IDs with the most attack category attempts.


Top Attack Categories by Client Device IDs
Client Device ID Category Events Percent
none HTTP Connection Failure 5447276 99.83%
Machine Learning 8030 0.15%
IP Reputation 1027 0.02%
Subtotal(3) 5456333 97.66%
8C7F8CCE7F28BDD6245CFFDE171AB1076313 Signature Detection 25781 91.46%
Protected Hostnames 2400 8.51%
SQL/XSS Syntax Based Detection 6 0.02%
Subtotal(3) 28187 0.50%
DD49A566DB5903BAE962082E7EC9544F39B1 Signature Detection 2130 95.95%
Protected Hostnames 90 4.05%
Subtotal(2) 2220 0.04%
FA5FDD2D80CE466DE5A20807CB642FD8E860 IP Reputation 1338 100.00%
Subtotal(1) 1338 0.02%
DD24CDA18239FD09BC0296E136D495C9E3B4 Signature Detection 878 100.00%
Subtotal(1) 878 0.02%
304586BE0FB9059FA95170BB0B6A8575230A IP Reputation 633 100.00%
Subtotal(1) 633 0.01%
C0A2E074B859E29534224CBA28042EFC5B85 Signature Detection 615 97.46%
SQL/XSS Syntax Based Detection 16 2.54%
Subtotal(2) 631 0.01%
Other(13406) 96766 1.73%
Total(13413) 5586986 100.00%


Attack Summary

Attack summary information table.


Attack Summary
Date & Time Source Source Country Destination URL Threat Level Acti


00:11:46

2023-01-07 192.126.194.33 United States 10.17.210.65 none Off Alert_Deny


00:11:47

2023-01-07 192.126.194.33 United States 10.17.210.65 none Off Alert_Deny


00:11:48

2023-01-07 192.126.194.33 United States 10.17.210.65 none Off Alert_Deny


00:11:49

2023-01-07 192.126.194.33 United States 10.17.210.65 none Off Alert_Deny


00:11:50

2023-01-07 192.126.194.33 United States 10.17.210.65 none Off Alert_Deny


00:11:51

2023-01-07 192.126.194.33 United States 10.17.210.65 none Off Alert_Deny


00:11:53

2023-01-07 192.126.194.33 United States 10.17.210.65 none Off Alert_Deny


00:11:54

2023-01-07 192.126.194.33 United States 10.17.210.65 none Off Alert_Deny


00:11:55

Attack Details

Attack details information table.


Attack Details
Item Value
Date 2023-01-07 00:00:00
&
Time
Log 20000016
ID
MSG 1767109606
ID
Main HTTP Connection Failure
Type

dd    - 74
      f

Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 154.38.157.158
e
Sourc 48006
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;258& 41; - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID

dd    - 75
      f

Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:01
&
Time
Log 20000016
ID
MSG 1767109607
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 154.38.157.158
e
Sourc 56709
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass

dd    - 76
      f

Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:02
&
Time
Log 20000016
ID
MSG 1767109608
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 154.38.157.158
e
Sourc 34922
e Port
Destin 10.17.210.65
ation
Destin 443
ation

dd    - 77
      f

Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;258& 41; - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

dd    - 78
      f

Attack Details
Item Value
Date 2023-01-07 00:00:03
&
Time
Log 20000016
ID
MSG 1767109609
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 154.38.157.158
e
Sourc 46308
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool

dd    - 79
      f

User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:03
&
Time
Log 20000016
ID
MSG 1767109610
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 154.38.157.158
e
Sourc 43371
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low

dd    - 80
      f

ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:03
&
Time
Log 20000016
ID
MSG 1767109611
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert

dd    - 81
      f

y
Servic https/tls1.2
e
Sourc 154.38.157.158
e
Sourc 55848
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh

dd    - 82
      f

t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:04
&
Time
Log 20000016
ID
MSG 1767109612
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 154.38.157.158
e
Sourc 46906
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;258& 41; - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure

dd    - 83
      f

Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:04
&
Time
Log 20000016
ID
MSG 1767109613
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 37.97.137.40
e
Sourc 42198
e Port
Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny

dd    - 84
      f

Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Netherlands
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:05

dd    - 85
      f

&
Time
Log 20000016
ID
MSG 1767109614
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 154.38.157.158
e
Sourc 39977
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none

dd    - 86
      f

Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:06
&
Time
Log 20000016
ID
MSG 1767109615
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 154.38.157.158
e
Sourc 56587
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A

dd    - 87
      f

r
Policy
Messa SSL Error& 40;258& 41; - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:08
&
Time
Log 20000016
ID
MSG 1767109616
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e

dd    - 88
      f

Sourc 52.60.34.56
e
Sourc 36400
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Canada
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical

dd    - 89
      f

Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:27
&
Time
Log 20000016
ID
MSG 1767109634
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 144.24.160.176
e
Sourc 53458
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type

dd    - 90
      f

Signat N/A
ure ID
Sourc Germany
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:00:32
&
Time
Log 20000016
ID
MSG 1767109642
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 144.24.160.176
e
Sourc 36878
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d

dd    - 91
      f

URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Germany
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:09
&
Time
Log 20000016

dd    - 92
      f

ID
MSG 1767109728
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 206.189.127.129
e
Sourc 52524
e Port
Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United Kingdom
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x

dd    - 93
      f

Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:13
&
Time
Log 20000016
ID
MSG 1767109731
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 192.126.194.33
e
Sourc 39448
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername

dd    - 94
      f

ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:14
&
Time
Log 20000016
ID
MSG 1767109734
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 192.126.194.33
e
Sourc 47905

dd    - 95
      f

e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh

dd    - 96
      f

t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:16
&
Time
Log 20000016
ID
MSG 1767109737
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 192.126.194.33
e
Sourc 38200
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States

dd    - 97
      f

e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:17
&
Time
Log 20000016
ID
MSG 1767109739
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 192.126.194.33
e
Sourc 56862
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host

dd    - 98
      f

Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;258& 41; - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:18
&
Time
Log 20000016
ID
MSG 1767109741
ID

dd    - 99
      f

Main HTTP Connection Failure


Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 192.126.194.33
e
Sourc 48311
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none

dd    - 100
      f

Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:19
&
Time
Log 20000016
ID
MSG 1767109746
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 192.126.194.33
e
Sourc 56472
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;258& 41; - unsupported protocol
ge
Signat Unknown
ure

dd    - 101
      f

Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:20
&
Time
Log 20000016
ID
MSG 1767109748
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 192.126.194.33
e
Sourc 34603
e Port
Destin 10.17.210.65
ation

dd    - 102
      f

Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t

dd    - 103
      f

Level

Attack Details
Item Value
Date 2023-01-07 00:01:21
&
Time
Log 20000016
ID
MSG 1767109752
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 192.126.194.33
e
Sourc 48709
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;258& 41; - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry

dd    - 104
      f

Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:22
&
Time
Log 20000016
ID
MSG 1767109757
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 192.126.194.33
e
Sourc 57709
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none

dd    - 105
      f

n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:23
&
Time
Log 20000016
ID
MSG 1767109759
ID
Main HTTP Connection Failure
Type
Sub N/A

dd    - 106
      f

Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 192.126.194.33
e
Sourc 56562
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;258& 41; - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0

dd    - 107
      f

t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:25
&
Time
Log 20000016
ID
MSG 1767109761
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 192.126.194.33
e
Sourc 52913
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type

dd    - 108
      f

Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:26
&
Time
Log 20000016
ID
MSG 1767109765
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 192.126.194.33
e
Sourc 46735
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port

dd    - 109
      f

Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;258& 41; - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details

dd    - 110
      f

Item Value
Date 2023-01-07 00:01:28
&
Time
Log 20000008
ID
MSG 1767109791
ID
Main Signature Detection
Type
Sub Generic Attacks(Extended)
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 90.77.73.178
e
Sourc 58382
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert
Http post
Metho
d
URL /rb_672bda62-27f5-4ac5-a713-9fda56ef7959
Http expinterweb.mites.gob.es
Host
Http Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like
Agent Gecko) Version/16.0 Safari/605.1.15
Sessio 678B286A6D8A6DB83F8CD15D7F270695
n ID
Severi medium
ty
Level
Trigge N/A
r
Policy
Messa Parameter& 40;rf& 41; triggered signature ID 060140003 of Signatures policy
ge WP_Signature_EXPINTERWEB_ALL
Signat Unknown
ure
Maincl
ass
Type
Signat RFI Injection
ure
Subcl
ass
Type
Signat 060140003
ure ID
Sourc Spain
e
Count
ry
Serve EXPINTERWEB
r Pool
User Unknown

dd    - 111
      f

Name
Http https://expinterweb.mites.gob.es/regcon/cat/index.htm
Refer
er
Http 1.x
Versio
n
Client 1FDCDFB06C4C926AFED495322877DB02CC52
Devic
e ID
Threa 25
t
Weigh
t
Histor 325
ical
Threa
t
Weigh
t
Threa Moderate
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:28
&
Time
Log 20000008
ID
MSG 1767109792
ID
Main Signature Detection
Type
Sub Generic Attacks(Extended)
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 90.77.73.178
e
Sourc 58382
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert
Http post
Metho
d
URL /rb_672bda62-27f5-4ac5-a713-9fda56ef7959
Http expinterweb.mites.gob.es
Host
Http Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like
Agent Gecko) Version/16.0 Safari/605.1.15
Sessio 678B286A6D8A6DB83F8CD15D7F270695
n ID
Severi medium
ty

dd    - 112
      f

Level
Trigge N/A
r
Policy
Messa Parameter& 40;$a& 41; triggered signature ID 060140003 of Signatures policy
ge WP_Signature_EXPINTERWEB_ALL
Signat Unknown
ure
Maincl
ass
Type
Signat RFI Injection
ure
Subcl
ass
Type
Signat 060140003
ure ID
Sourc Spain
e
Count
ry
Serve EXPINTERWEB
r Pool
User Unknown
Name
Http https://expinterweb.mites.gob.es/regcon/cat/index.htm
Refer
er
Http 1.x
Versio
n
Client 1FDCDFB06C4C926AFED495322877DB02CC52
Devic
e ID
Threa 25
t
Weigh
t
Histor 350
ical
Threa
t
Weigh
t
Threa Moderate
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:30
&
Time
Log 20000008
ID
MSG 1767109797
ID
Main Signature Detection
Type
Sub Generic Attacks(Extended)
Type
Priorit alert
y

dd    - 113
      f

Servic https/tls1.2
e
Sourc 90.77.73.178
e
Sourc 58382
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert
Http post
Metho
d
URL /rb_672bda62-27f5-4ac5-a713-9fda56ef7959
Http expinterweb.mites.gob.es
Host
Http Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like
Agent Gecko) Version/16.0 Safari/605.1.15
Sessio 678B286A6D8A6DB83F8CD15D7F270695
n ID
Severi medium
ty
Level
Trigge N/A
r
Policy
Messa Parameter& 40;rf& 41; triggered signature ID 060140003 of Signatures policy
ge WP_Signature_EXPINTERWEB_ALL
Signat Unknown
ure
Maincl
ass
Type
Signat RFI Injection
ure
Subcl
ass
Type
Signat 060140003
ure ID
Sourc Spain
e
Count
ry
Serve EXPINTERWEB
r Pool
User Unknown
Name
Http https://expinterweb.mites.gob.es/regcon/cat/index.htm
Refer
er
Http 1.x
Versio
n
Client 1FDCDFB06C4C926AFED495322877DB02CC52
Devic
e ID
Threa 25
t
Weigh
t

dd    - 114
      f

Histor 375
ical
Threa
t
Weigh
t
Threa Moderate
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:30
&
Time
Log 20000008
ID
MSG 1767109798
ID
Main Signature Detection
Type
Sub Generic Attacks(Extended)
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 90.77.73.178
e
Sourc 58382
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert
Http post
Metho
d
URL /rb_672bda62-27f5-4ac5-a713-9fda56ef7959
Http expinterweb.mites.gob.es
Host
Http Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like
Agent Gecko) Version/16.0 Safari/605.1.15
Sessio 678B286A6D8A6DB83F8CD15D7F270695
n ID
Severi medium
ty
Level
Trigge N/A
r
Policy
Messa Parameter& 40;$tvn& 41; triggered signature ID 060140003 of Signatures policy
ge WP_Signature_EXPINTERWEB_ALL
Signat Unknown
ure
Maincl
ass
Type
Signat RFI Injection
ure
Subcl

dd    - 115
      f

ass
Type
Signat 060140003
ure ID
Sourc Spain
e
Count
ry
Serve EXPINTERWEB
r Pool
User Unknown
Name
Http https://expinterweb.mites.gob.es/regcon/cat/index.htm
Refer
er
Http 1.x
Versio
n
Client 1FDCDFB06C4C926AFED495322877DB02CC52
Devic
e ID
Threa 25
t
Weigh
t
Histor 400
ical
Threa
t
Weigh
t
Threa Moderate
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:40
&
Time
Log 20000008
ID
MSG 1767109816
ID
Main Signature Detection
Type
Sub Generic Attacks(Extended)
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 90.77.73.178
e
Sourc 58389
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert
Http post

dd    - 116
      f

Metho
d
URL /rb_672bda62-27f5-4ac5-a713-9fda56ef7959
Http expinterweb.mites.gob.es
Host
Http Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like
Agent Gecko) Version/16.0 Safari/605.1.15
Sessio 678B286A6D8A6DB83F8CD15D7F270695
n ID
Severi medium
ty
Level
Trigge N/A
r
Policy
Messa Parameter& 40;rf& 41; triggered signature ID 060140003 of Signatures policy
ge WP_Signature_EXPINTERWEB_ALL
Signat Unknown
ure
Maincl
ass
Type
Signat RFI Injection
ure
Subcl
ass
Type
Signat 060140003
ure ID
Sourc Spain
e
Count
ry
Serve EXPINTERWEB
r Pool
User Unknown
Name
Http https://expinterweb.mites.gob.es/regcon/cat/index.htm
Refer
er
Http 1.x
Versio
n
Client 1FDCDFB06C4C926AFED495322877DB02CC52
Devic
e ID
Threa 25
t
Weigh
t
Histor 425
ical
Threa
t
Weigh
t
Threa Moderate
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:40
&

dd    - 117
      f

Time
Log 20000008
ID
MSG 1767109817
ID
Main Signature Detection
Type
Sub Generic Attacks(Extended)
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 90.77.73.178
e
Sourc 58389
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert
Http post
Metho
d
URL /rb_672bda62-27f5-4ac5-a713-9fda56ef7959
Http expinterweb.mites.gob.es
Host
Http Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like
Agent Gecko) Version/16.0 Safari/605.1.15
Sessio 678B286A6D8A6DB83F8CD15D7F270695
n ID
Severi medium
ty
Level
Trigge N/A
r
Policy
Messa Parameter& 40;$a& 41; triggered signature ID 060140003 of Signatures policy
ge WP_Signature_EXPINTERWEB_ALL
Signat Unknown
ure
Maincl
ass
Type
Signat RFI Injection
ure
Subcl
ass
Type
Signat 060140003
ure ID
Sourc Spain
e
Count
ry
Serve EXPINTERWEB
r Pool
User Unknown
Name
Http https://expinterweb.mites.gob.es/regcon/cat/index.htm
Refer

dd    - 118
      f

er
Http 1.x
Versio
n
Client 1FDCDFB06C4C926AFED495322877DB02CC52
Devic
e ID
Threa 25
t
Weigh
t
Histor 450
ical
Threa
t
Weigh
t
Threa Moderate
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:54
&
Time
Log 20000016
ID
MSG 1767109853
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 185.191.171.42
e
Sourc 54476
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r

dd    - 119
      f

Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:01:54
&
Time
Log 20000016
ID
MSG 1767109854
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 185.191.171.42

dd    - 120
      f

e
Sourc 58214
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error& 40;319& 41; - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa

dd    - 121
      f

t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:02:18
&
Time
Log 20000016
ID
MSG 1767109969
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 87.250.224.19
e
Sourc 41036
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A

ure ID
Sourc Russian Federation
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:02:18
&
Time
Log 20000016
ID
MSG 1767109970
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 87.250.224.19
e
Sourc 41128
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none

Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Russian Federation
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:02:18
&
Time
Log 20000016
ID

MSG 1767109971
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 87.250.224.19
e
Sourc 41256
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(258) - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Russian Federation
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio

n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:02:18
&
Time
Log 20000016
ID
MSG 1767109972
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.0
e
Sourc 87.250.224.19
e
Sourc 41376
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(258) - unsupported protocol
ge

Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Russian Federation
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:02:24
&
Time
Log 20000016
ID
MSG 1767109978
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 37.97.137.40
e
Sourc 52496
e Port

Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Netherlands
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t

Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:02:39
&
Time
Log 20000016
ID
MSG 1767109985
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 40.77.167.7
e
Sourc 41472
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e

Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:02:39
&
Time
Log 20000016
ID
MSG 1767109986
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 40.77.167.7
e
Sourc 41473
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none

Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:02:51
&
Time
Log 20000016
ID
MSG 1767110029
ID
Main HTTP Connection Failure

Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 66.249.76.7
e
Sourc 56916
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Belgium
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic

e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:03:28
&
Time
Log 20000016
ID
MSG 1767110161
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 206.189.127.129
e
Sourc 35838
e Port
Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl

ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United Kingdom
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:03:47
&
Time
Log 20000016
ID
MSG 1767110244
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 185.191.171.13
e
Sourc 9638
e Port
Destin 10.17.210.65
ation
Destin 443

ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:03:47
&
Time
Log 20000016
ID
MSG 1767110245
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 185.191.171.13
e
Sourc 18182
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none

r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:04:36
&
Time
Log 20000016
ID
MSG 1767110302
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 37.97.137.40
e
Sourc 35330
e Port
Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID

Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Netherlands
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:05:40
&
Time
Log 20000016
ID
MSG 1767110512
ID
Main HTTP Connection Failure
Type
Sub N/A
Type

Priorit alert
y
Servic https/tls1.2
e
Sourc 206.189.127.129
e
Sourc 44004
e Port
Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United Kingdom
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t

Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:05:46
&
Time
Log 20000016
ID
MSG 1767110524
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 40.77.167.8
e
Sourc 60288
e Port
Destin 10.17.210.9
ation
Destin 443
ation
Port
Policy Pol_bibliotecavirtual
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A

ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:05:46
&
Time
Log 20000016
ID
MSG 1767110525
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 40.77.167.8
e
Sourc 60289
e Port
Destin 10.17.210.9
ation
Destin 443
ation
Port
Policy Pol_bibliotecavirtual

Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value

Date 2023-01-07 00:06:09


&
Time
Log 20000051
ID
MSG 1767110550
ID
Main Known Bots Detection
Type
Sub Crawler
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 185.191.171.13
e
Sourc 15266
e Port
Destin 10.17.210.64
ation
Destin 443
ation
Port
Policy Pol_libreriavirtual
Action Alert_Deny
Http get
Metho
d
URL /robots.txt
Http libreriavirtual.trabajo.gob.es
Host
Http Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)
Agent
Sessio none
n ID
Severi high
ty
Level
Trigge N/A
r
Policy
Messa Known Bots triggered Malicious Bot SEMrushBot in category Crawler of Known Bots policy
ge Predefined - Known Bots
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve libreriavirtual
r Pool
User Unknown
Name

Http none
Refer
er
Http 1.x
Versio
n
Client 46701E750B11FCD489BCC0A711A2A9D3A27B
Devic
e ID
Threa 25
t
Weigh
t
Histor 25
ical
Threa
t
Weigh
t
Threa Moderate
t
Level

Attack Details
Item Value
Date 2023-01-07 00:06:09
&
Time
Log 20000008
ID
MSG 1767110552
ID
Main Signature Detection
Type
Sub Generic Attacks(Extended)
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 66.249.64.254
e
Sourc 57621
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert
Http post
Metho
d
URL /rb_672bda62-27f5-4ac5-a713-9fda56ef7959
Http expinterweb.mites.gob.es
Host
Http Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML,
Agent like Gecko) Chrome/108.0.5359.130 Mobile Safari/537.36 (compatible; Googlebot/2.1;
+http://www.google.com/bot.html)
Sessio 678B286AA22CCE098752AAD1F2907FF5
n ID
Severi medium
ty

Level
Trigge N/A
r
Policy
Messa Parameter(rf) triggered signature ID 060140003 of Signatures policy
ge WP_Signature_EXPINTERWEB_ALL
Signat Unknown
ure
Maincl
ass
Type
Signat RFI Injection
ure
Subcl
ass
Type
Signat 060140003
ure ID
Sourc United States
e
Count
ry
Serve EXPINTERWEB
r Pool
User Unknown
Name
Http https://expinterweb.mites.gob.es/regcon/
Refer
er
Http 1.x
Versio
n
Client 754018A52A1B16FF0186DE2D79310D3F5FFC
Devic
e ID
Threa 25
t
Weigh
t
Histor 25
ical
Threa
t
Weigh
t
Threa Moderate
t
Level

Attack Details
Item Value
Date 2023-01-07 00:06:09
&
Time
Log 20000008
ID
MSG 1767110553
ID
Main Signature Detection
Type
Sub Generic Attacks(Extended)
Type
Priorit alert
y

Servic https/tls1.2
e
Sourc 66.249.64.254
e
Sourc 57621
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert
Http post
Metho
d
URL /rb_672bda62-27f5-4ac5-a713-9fda56ef7959
Http expinterweb.mites.gob.es
Host
Http Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML,
Agent like Gecko) Chrome/108.0.5359.130 Mobile Safari/537.36 (compatible; Googlebot/2.1;
+http://www.google.com/bot.html)
Sessio 678B286AA22CCE098752AAD1F2907FF5
n ID
Severi medium
ty
Level
Trigge N/A
r
Policy
Messa Parameter($a) triggered signature ID 060140003 of Signatures policy
ge WP_Signature_EXPINTERWEB_ALL
Signat Unknown
ure
Maincl
ass
Type
Signat RFI Injection
ure
Subcl
ass
Type
Signat 060140003
ure ID
Sourc United States
e
Count
ry
Serve EXPINTERWEB
r Pool
User Unknown
Name
Http https://expinterweb.mites.gob.es/regcon/
Refer
er
Http 1.x
Versio
n
Client 754018A52A1B16FF0186DE2D79310D3F5FFC
Devic
e ID
Threa 25
t
Weigh

t
Histor 50
ical
Threa
t
Weigh
t
Threa Moderate
t
Level

Attack Details
Item Value
Date 2023-01-07 00:06:11
&
Time
Log 20000016
ID
MSG 1767110557
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 157.55.39.10
e
Sourc 37120
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure

Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:06:11
&
Time
Log 20000016
ID
MSG 1767110558
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 157.55.39.10
e
Sourc 37121
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny

Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:06:21

&
Time
Log 20000016
ID
MSG 1767110567
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 40.77.167.7
e
Sourc 39104
e Port
Destin 10.17.210.9
ation
Destin 443
ation
Port
Policy Pol_bibliotecavirtual
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none

Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:06:21
&
Time
Log 20000016
ID
MSG 1767110568
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 40.77.167.7
e
Sourc 39105
e Port
Destin 10.17.210.9
ation
Destin 443
ation
Port
Policy Pol_bibliotecavirtual
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A

r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:06:43
&
Time
Log 20000016
ID
MSG 1767110677
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e

Sourc 66.249.76.198
e
Sourc 48391
e Port
Destin 10.17.210.18
ation
Destin 443
ation
Port
Policy Pol_Preinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Belgium
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical

Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:06:44
&
Time
Log 20000016
ID
MSG 1767110678
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 37.97.137.40
e
Sourc 45544
e Port
Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type

Signat N/A
ure ID
Sourc Netherlands
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:07:20
&
Time
Log 20000037
ID
MSG 1767110812
ID
Main Machine Learning
Type
Sub Model test failed
Type
Priorit alert
y
Servic tcp
e
Sourc 0.0.0.0
e
Sourc 0
e Port
Destin 0.0.0.0
ation
Destin 0
ation
Port
Policy Pol_expinterweb
Action Alert
Http none
Metho
d

URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi informative
ty
Level
Trigge N/A
r
Policy
Messa The mathematical model of argument<tramiteSel>(2429) in
ge *.mites.gob.es failed. Model
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Unknown
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http unknown
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Low
t
Level

Attack Details
Item Value
Date 2023-01-07 00:07:53
&
Time
Log 20000016

ID
MSG 1767111047
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 206.189.127.129
e
Sourc 55088
e Port
Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United Kingdom
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x

Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:08:57
&
Time
Log 20000016
ID
MSG 1767111119
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 40.77.167.8
e
Sourc 58880
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername

ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:08:57
&
Time
Log 20000016
ID
MSG 1767111121
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 40.77.167.8
e
Sourc 58881

e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United States
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh

t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:08:59
&
Time
Log 20000016
ID
MSG 1767111124
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 37.97.137.40
e
Sourc 56580
e Port
Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc Netherlands

e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:09:33
&
Time
Log 20000016
ID
MSG 1767111245
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 15.206.202.147
e
Sourc 63934
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host

Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc India
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:09:34
&
Time
Log 20000016
ID
MSG 1767111247
ID

Main HTTP Connection Failure


Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 15.206.202.147
e
Sourc 64000
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc India
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none

Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:09:34
&
Time
Log 20000016
ID
MSG 1767111257
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 15.206.202.147
e
Sourc 64071
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(258) - unsupported protocol
ge
Signat Unknown
ure

Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc India
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:09:34
&
Time
Log 20000016
ID
MSG 1767111258
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 15.206.202.147
e
Sourc 64113
e Port
Destin 10.17.210.65
ation

Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(258) - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc India
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t

Level

Attack Details
Item Value
Date 2023-01-07 00:09:34
&
Time
Log 20000016
ID
MSG 1767111259
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 15.206.202.147
e
Sourc 64156
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc India
e
Count
ry

Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:09:35
&
Time
Log 20000016
ID
MSG 1767111279
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 15.206.202.147
e
Sourc 64220
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none

n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(258) - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc India
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:09:35
&
Time
Log 20000016
ID
MSG 1767111280
ID
Main HTTP Connection Failure
Type
Sub N/A

Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 15.206.202.147
e
Sourc 64286
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(258) - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc India
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0

t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:09:35
&
Time
Log 20000016
ID
MSG 1767111281
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 15.206.202.147
e
Sourc 64350
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port
Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type

Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc India
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item Value
Date 2023-01-07 00:09:35
&
Time
Log 20000016
ID
MSG 1767111282
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.1
e
Sourc 15.206.202.147
e
Sourc 64414
e Port
Destin 10.17.210.65
ation
Destin 443
ation
Port

Policy Pol_expinterweb
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(258) - unsupported protocol
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc India
e
Count
ry
Serve none
r Pool
User Unknown
Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details

Item Value
Date 2023-01-07 00:10:04
&
Time
Log 20000016
ID
MSG 1767111429
ID
Main HTTP Connection Failure
Type
Sub N/A
Type
Priorit alert
y
Servic https/tls1.2
e
Sourc 206.189.127.129
e
Sourc 34752
e Port
Destin 10.17.210.12
ation
Destin 443
ation
Port
Policy Pol_delta
Action Alert_Deny
Http none
Metho
d
URL none
Http none
Host
Http none
Agent
Sessio none
n ID
Severi low
ty
Level
Trigge N/A
r
Policy
Messa SSL Error(319) - ssl3 ext invalid servername
ge
Signat Unknown
ure
Maincl
ass
Type
Signat N/A
ure
Subcl
ass
Type
Signat N/A
ure ID
Sourc United Kingdom
e
Count
ry
Serve none
r Pool
User Unknown

Name
Http none
Refer
er
Http 1.x
Versio
n
Client none
Devic
e ID
Threa 0
t
Weigh
t
Histor 0
ical
Threa
t
Weigh
t
Threa Off
t
Level

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:35
Log ID                    20000016
MSG ID                    1767111506
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               48614
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:37
Log ID                    20000016
MSG ID                    1767111507
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               35708
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:38
Log ID                    20000016
MSG ID                    1767111508
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               58395
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:39
Log ID                    20000016
MSG ID                    1767111512
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               34254
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:40
Log ID                    20000016
MSG ID                    1767111514
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               35508
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:41
Log ID                    20000016
MSG ID                    1767111516
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               52136
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:43
Log ID                    20000016
MSG ID                    1767111517
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               34358
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:44
Log ID                    20000016
MSG ID                    1767111519
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               37861
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:45
Log ID                    20000016
MSG ID                    1767111520
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               60442
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:46
Log ID                    20000016
MSG ID                    1767111523
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               56377
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:47
Log ID                    20000016
MSG ID                    1767111525
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               54623
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:10:48
Log ID                    20000016
MSG ID                    1767111529
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               49468
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:10
Log ID                    20000016
MSG ID                    1767111560
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    37.97.137.40
Source Port               38484
Destination               10.17.210.12
Destination Port          443
Policy                    Pol_delta
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            Netherlands
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:26
Log ID                    20000016
MSG ID                    1767111578
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    40.77.167.8
Source Port               60288
Destination               10.17.210.9
Destination Port          443
Policy                    Pol_bibliotecavirtual
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:26
Log ID                    20000016
MSG ID                    1767111579
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    40.77.167.8
Source Port               60289
Destination               10.17.210.9
Destination Port          443
Policy                    Pol_bibliotecavirtual
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:42
Log ID                    20000016
MSG ID                    1767111606
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               43692
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:44
Log ID                    20000016
MSG ID                    1767111624
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               37189
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off


Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:45
Log ID                    20000016
MSG ID                    1767111626
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               47537
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:46
Log ID                    20000016
MSG ID                    1767111628
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               45803
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:47
Log ID                    20000016
MSG ID                    1767111630
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               51015
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:48
Log ID                    20000016
MSG ID                    1767111632
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               50686
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:49
Log ID                    20000016
MSG ID                    1767111635
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               37473
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:50
Log ID                    20000016
MSG ID                    1767111636
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               57824
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:51
Log ID                    20000016
MSG ID                    1767111637
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               40862
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:53
Log ID                    20000016
MSG ID                    1767111640
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               54652
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:54
Log ID                    20000016
MSG ID                    1767111642
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.2
Source                    192.126.194.33
Source Port               51318
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(319) - ssl3 ext invalid servername
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Attack Details
Item                      Value
Date & Time               2023-01-07 00:11:55
Log ID                    20000016
MSG ID                    1767111647
Main Type                 HTTP Connection Failure
Sub Type                  N/A
Priority                  alert
Service                   https/tls1.1
Source                    192.126.194.33
Source Port               39992
Destination               10.17.210.65
Destination Port          443
Policy                    Pol_expinterweb
Action                    Alert_Deny
Http Method               none
URL                       none
Http Host                 none
Http Agent                none
Session ID                none
Severity Level            low
Trigger Policy            N/A
Message                   SSL Error(258) - unsupported protocol
Signature Mainclass Type  Unknown
Signature Subclass Type   N/A
Signature ID              N/A
Source Country            United States
Server Pool               none
User Name                 Unknown
Http Referer              none
Http Version              1.x
Client Device ID          none
Threat Weight             0
Historical Threat Weight  0
Threat Level              Off

Event


By Hour Of Day

Top Critical Events By Hour Of Day

The hourly breakdown of the most frequently occurring critical events.

No matching log data for this report

Top Warning Events By Hour Of Day

The hourly breakdown of the most frequently occurring warning events.

No matching log data for this report

Top Information Events By Hour Of Day

The hourly breakdown of the most frequently occurring information events.


Top Information Events By Hour Of Day
Hour Message Events Percent
00:00 - 01:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 46 83.64%
Disk log reaches file size limit 9 16.36%
Subtotal(2) 55 3.70%
01:00 - 02:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 43 89.58%
Disk log reaches file size limit 5 10.42%
Subtotal(2) 48 3.23%
02:00 - 03:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 41 87.23%
Disk log reaches file size limit 6 12.77%
Subtotal(2) 47 3.16%
03:00 - 04:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 42 89.36%
Disk log reaches file size limit 5 10.64%
Subtotal(2) 47 3.16%
04:00 - 05:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 42 91.30%
Disk log reaches file size limit 4 8.70%
Subtotal(2) 46 3.10%
05:00 - 06:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 47 90.38%
Disk log reaches file size limit 5 9.62%
Subtotal(2) 52 3.50%
06:00 - 07:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 48 90.57%
Disk log reaches file size limit 5 9.43%
Subtotal(2) 53 3.57%
Other(17) 1137 76.57%
Total(24) 1485 100.00%


Top Emergency Events By Hour Of Day

The hourly breakdown of the most frequently occurring emergency events.

No matching log data for this report

Top Alert Events By Hour Of Day

The hourly breakdown of the most frequently occurring alert events.

No matching log data for this report

Top Error Events By Hour Of Day

The hourly breakdown of the most frequently occurring error events.

No matching log data for this report

Top Notification Events By Hour Of Day

The hourly breakdown of the most frequently occurring notification events.


Top Notification Events By Hour Of Day
Hour Message Events Percent
08:00 - 09:00 Fortiweb FSCI update succeeded 14 20.00%
Fortiweb FCNI update succeeded 7 10.00%
Fortiweb virus signature update succeeded 7 10.00%
Other(8) 42 60.00%
Subtotal(11) 70 94.59%
10:00 - 11:00 CPU usage too high,CPU usage is 62, process mysqld 1 100.00%
Subtotal(1) 1 1.35%
12:00 - 13:00 CPU usage too high,CPU usage is 68, process proxyd 1 100.00%
Subtotal(1) 1 1.35%
14:00 - 15:00 CPU usage too high,CPU usage is 69, process proxyd 1 100.00%
Subtotal(1) 1 1.35%
23:00 - 24:00 ftp backup backup_Backup_FWeb__20230108235000.zip to 172.17.203.12 /Log_Backup/App-Security/Fortiweb OK 1 100.00%
Subtotal(1) 1 1.35%
Total(5) 74 100.00%

Top Events by Hour Of Day

This report provides information about the Hourly Events Triggered.


Top Events by Hour Of Day
Hour Message Events Percent
00:00 - 01:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 46 83.64%
Disk log reaches file size limit 9 16.36%
Subtotal(2) 55 3.53%
01:00 - 02:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 43 89.58%
Disk log reaches file size limit 5 10.42%
Subtotal(2) 48 3.08%
02:00 - 03:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 41 87.23%
Disk log reaches file size limit 6 12.77%
Subtotal(2) 47 3.01%
03:00 - 04:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 42 89.36%
Disk log reaches file size limit 5 10.64%
Subtotal(2) 47 3.01%
04:00 - 05:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 42 91.30%
Disk log reaches file size limit 4 8.70%
Subtotal(2) 46 2.95%
05:00 - 06:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 47 90.38%
Disk log reaches file size limit 5 9.62%
Subtotal(2) 52 3.34%
06:00 - 07:00 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 48 90.57%
Disk log reaches file size limit 5 9.43%
Subtotal(2) 53 3.40%
Other(17) 1211 77.68%
Total(24) 1559 100.00%


Top Event Categories by Hour of Day

This report provides information about the Hourly Events Triggered by category.
Top Event Categories by Hour of Day
Hour Category Events Percent
00:00 - 01:00 information 55 100.00%
Subtotal(1) 55 3.53%
01:00 - 02:00 information 48 100.00%
Subtotal(1) 48 3.08%
02:00 - 03:00 information 47 100.00%
Subtotal(1) 47 3.01%
03:00 - 04:00 information 47 100.00%
Subtotal(1) 47 3.01%
04:00 - 05:00 information 46 100.00%
Subtotal(1) 46 2.95%
05:00 - 06:00 information 52 100.00%
Subtotal(1) 52 3.34%
06:00 - 07:00 information 53 100.00%
Subtotal(1) 53 3.40%
Other(17) 1211 77.68%
Total(24) 1559 100.00%


By Date

Top Critical Events By Date

The daily breakdown of the most frequently occurring critical events.

No matching log data for this report

Top Warning Events By Date

The daily breakdown of the most frequently occurring warning events.

No matching log data for this report

Top Information Events By Date

The daily breakdown of the most frequently occurring information events.


Top Information Events By Date
Date Message Events Percent
2023-01-07 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 128 92.75%
Disk log reaches file size limit 7 5.07%
User daemon_admin generate Report Scheduled_Report_1-2023-01-07-1115 successfully 1 0.72%
Other(2) 2 1.45%
Subtotal(5) 138 9.29%
2023-01-08 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 145 92.36%
Disk log reaches file size limit 9 5.73%
User daemon_admin generate Report Scheduled_Report_1-2023-01-08-1115 successfully 1 0.64%
Other(2) 2 1.27%
Subtotal(5) 157 10.57%
2023-01-09 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 122 65.59%
Disk log reaches file size limit 60 32.26%
User daemon_admin generate Report Scheduled_Report_1-2023-01-09-1115 successfully 1 0.54%
Other(3) 3 1.61%
Subtotal(6) 186 12.53%
2023-01-10 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 163 61.28%
Disk log reaches file size limit 98 36.84%
User 50732516J logged in successfully from GUI->HTTPS(10.16.70.107) 1 0.38%
Other(4) 4 1.50%
Subtotal(7) 266 17.91%
2023-01-11 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 168 56.00%
Disk log reaches file size limit 126 42.00%
CPU usage reduced, CPU usage is 21 1 0.33%
Other(5) 5 1.67%
Subtotal(8) 300 20.20%
2023-01-12 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 179 73.97%
Disk log reaches file size limit 60 24.79%
User daemon_admin generate Report Scheduled_Report_1-2023-01-12-1115 successfully 1 0.41%
Other(2) 2 0.83%
Subtotal(5) 242 16.30%
2023-01-13 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 131 66.84%
Disk log reaches file size limit 51 26.02%
HA synchronize virus engine and virus database to secondary device FV-1KD3A14800321 success. 1 0.51%
Other(13) 13 6.63%
Subtotal(16) 196 13.20%
Total(7) 1485 100.00%


Top Emergency Events By Date

The daily breakdown of the most frequently occurring emergency events.

No matching log data for this report

Top Alert Events By Date

The daily breakdown of the most frequently occurring alert events.

No matching log data for this report

Top Error Events By Date

The daily breakdown of the most frequently occurring error events.

No matching log data for this report

Top Notification Events By Date

The daily breakdown of the most frequently occurring notification events.


Top Notification Events By Date
Date Message Events Percent
2023-01-07 Fortiweb FSCI update succeeded 2 20.00%
Fortiweb virus engine is already up-to-date 1 10.00%
Fortiweb FCNI update succeeded 1 10.00%
Other(6) 6 60.00%
Subtotal(9) 10 13.51%
2023-01-08 Fortiweb FSCI update succeeded 2 18.18%
Fortiweb virus engine is already up-to-date 1 9.09%
Fortiweb FCNI update succeeded 1 9.09%
Other(7) 7 63.64%
Subtotal(10) 11 14.86%
2023-01-09 Fortiweb FSCI update succeeded 2 20.00%
Fortiweb virus engine is already up-to-date 1 10.00%
Fortiweb FCNI update succeeded 1 10.00%
Other(6) 6 60.00%
Subtotal(9) 10 13.51%
2023-01-10 Fortiweb FSCI update succeeded 2 20.00%
Fortiweb virus engine is already up-to-date 1 10.00%
Fortiweb FCNI update succeeded 1 10.00%
Other(6) 6 60.00%
Subtotal(9) 10 13.51%
2023-01-11 Fortiweb FSCI update succeeded 2 16.67%
Fortiweb FSSI update succeeded 1 8.33%
CPU usage too high,CPU usage is 62, process mysqld 1 8.33%
Other(8) 8 66.67%
Subtotal(11) 12 16.22%
2023-01-12 Fortiweb FSCI update succeeded 2 20.00%
Fortiweb virus engine is already up-to-date 1 10.00%
Fortiweb FCNI update succeeded 1 10.00%
Other(6) 6 60.00%
Subtotal(9) 10 13.51%
2023-01-13 Fortiweb FSCI update succeeded 2 18.18%
Fortiweb ip intelligence signature update succeeded 1 9.09%
CPU usage too high,CPU usage is 68, process proxyd 1 9.09%
Other(7) 7 63.64%
Subtotal(10) 11 14.86%
Total(7) 74 100.00%

Top Events by Date

This report provides information about the Daily Events Triggered.


Top Events by Date
Date Message Events Percent
2023-01-07 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 128 86.49%
Disk log reaches file size limit 7 4.73%
Fortiweb FSCI update succeeded 2 1.35%
Other(11) 11 7.43%
Subtotal(14) 148 9.49%
2023-01-08 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 145 86.31%
Disk log reaches file size limit 9 5.36%
Fortiweb FSCI update succeeded 2 1.19%
Other(12) 12 7.14%
Subtotal(15) 168 10.78%
2023-01-09 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 122 62.24%
Disk log reaches file size limit 60 30.61%
Fortiweb FSCI update succeeded 2 1.02%
Other(12) 12 6.12%
Subtotal(15) 196 12.57%
2023-01-10 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 163 59.06%
Disk log reaches file size limit 98 35.51%
Fortiweb FSCI update succeeded 2 0.72%
Other(13) 13 4.71%
Subtotal(16) 276 17.70%
2023-01-11 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 168 53.85%
Disk log reaches file size limit 126 40.38%
Fortiweb FSCI update succeeded 2 0.64%
Other(16) 16 5.13%
Subtotal(19) 312 20.01%
2023-01-12 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 179 71.03%
Disk log reaches file size limit 60 23.81%
Fortiweb FSCI update succeeded 2 0.79%
Other(11) 11 4.37%
Subtotal(14) 252 16.16%
2023-01-13 HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 131 63.29%
Disk log reaches file size limit 51 24.64%
Fortiweb FSCI update succeeded 2 0.97%
Other(23) 23 11.11%
Subtotal(26) 207 13.28%
Total(7) 1559 100.00%

Top Event Categories by Date

This report provides information about the Daily Events Triggered by category.
Top Event Categories by Date
Date Category Events Percent
2023-01-07 information 138 93.24%
notice 10 6.76%
Subtotal(2) 148 9.49%
2023-01-08 information 157 93.45%
notice 11 6.55%
Subtotal(2) 168 10.78%
2023-01-09 information 186 94.90%
notice 10 5.10%
Subtotal(2) 196 12.57%
2023-01-10 information 266 96.38%
notice 10 3.62%
Subtotal(2) 276 17.70%
2023-01-11 information 300 96.15%
notice 12 3.85%
Subtotal(2) 312 20.01%
2023-01-12 information 242 96.03%
notice 10 3.97%
Subtotal(2) 252 16.16%
2023-01-13 information 196 94.69%
notice 11 5.31%
Subtotal(2) 207 13.28%
Total(7) 1559 100.00%

Others

Top Event Categories by Status

This report provides information on event success and failure at the device.
Top Event Categories by Status
Category Status Events Percent
information success 1482 99.80%
failure 3 0.20%
Subtotal(2) 1485 95.25%
notice success 71 95.95%
failure 3 4.05%
Subtotal(2) 74 4.75%
Total(2) 1559 100.00%

Top Events

The most frequently occurring events over the reporting period.


Top Events
Message Events Percent
HA synchronize known_bots to secondary device FV-1KD3A14800321 success. 1036 66.45%
Disk log reaches file size limit 411 26.36%
Fortiweb FSCI update succeeded 14 0.90%
HA synchronize virus engine and virus database to secondary device FV-1KD3A14800321 success. 7 0.45%
Fortiweb waf signature is already up-to-date 7 0.45%
Fortiweb FCNI update succeeded 7 0.45%
HA synchronize contract file to secondary device FV-1KD3A14800321 success. 7 0.45%
Other(33) 70 4.49%
Total(40) 1559 100.00%

Top Event Categories

The most frequently occurring event categories over the reporting period.
Top Event Categories
Category Events Percent
information 1485 95.25%
notice 74 4.75%
Total(2) 1559 100.00%

Top Event Types

The most frequently occurring event types over the reporting period.
Top Event Types
Event Type Events Percent
system 1549 99.36%
admin 10 0.64%
Total(2) 1559 100.00%

Top Failed Authentication Events By Day

Top Failed Authentication Events By Day

No matching log data for this report

Top Failed Authentication Events By Week

Top Failed Authentication Events By Week

No matching log data for this report

Top Authentication Events By User

Top Authentication Events By User

No matching log data for this report
