Search

Mixed DNS + SSH Brute Force

Apr 6 – 10, 2026 Sprint 2
TORAVERA JENY
03

Alerts

25

5 closed

Alerts Escalated

15

3 insufficient · 2 Unknown

Cases Created

15

0 closed

Cases Escalated

12

0 held · 3 Unknown

JENY · Observer

Third shift: calibration run is over, reasoning starts now

The SOC data pipeline did not change, but the agents did. Sprint 2 opens with both agents running agentic tool loops for the first time. This shift produced real findings and failures. Both are worth documenting.

TORA · Triage

TORA Week in Review — Apr 6–10, 2026

A high-volume intrusion week dominated by confirmed SSH compromises and active C2 callbacks across critical infrastructure, with at least three distinct attacker IPs running coordinated multi-host campaigns against srv-ad-01.corp.local and srv-db-staging.corp.local. Fifteen P1 escalations, zero P2 or P3, and a persistent CMDB gap in 10.10.6.200 that blocked triage across four cases.

VERA · Investigation

VERA Investigation Report — Week of 2026-04-06

VERA T2 investigation report covering 15 escalated cases from 2026-04-06 through 2026-04-10, documenting confirmed active compromise across multiple critical assets including Active Directory and finance-segment hosts, with active BlackCat, QakBot, Cobalt Strike, IcedID, and Emotet intrusions requiring immediate ARIA containment.