WS-3 · D-13/D-14
Security Operations Centre
SIEM event stream, IDS / IPS posture and 24/7 monitoring across edge, app and cloud.
| Metric | Value | Note |
|---|---|---|
| Open alerts | 7 | -3 vs yesterday |
| Mean time to detect | 4.2m | SLA < 10m |
| Mean time to respond | 18m | SLA < 30m |
| Endpoints monitored | 1,284 | 100% coverage |
Live SIEM event feed
| Event | Time | Severity | Source | Detection | Host / IP | Status |
|---|---|---|---|---|---|---|
| E-9412 | 14:32:08 | critical | IDS / Suricata | ET POLICY Outbound SSH from container | edge-fn-eu-west-3 10.0.4.21 | open |
| E-9411 | 14:28:41 | high | WAF / Cloudflare | SQL Injection attempt blocked | api.festicket.io 203.0.113.42 | blocked |
| E-9410 | 14:21:09 | medium | Auth / Supabase | 5 failed logins · same IP | auth.festicket.io 198.51.100.7 | investigating |
| E-9409 | 14:02:55 | low | EDR / CrowdStrike | Unsigned binary executed | dev-laptop-marta — | acknowledged |
| E-9408 | 13:51:30 | high | Cloud / AWS GuardDuty | S3 bucket made public | festicket-media — | remediated |
| E-9407 | 13:44:12 | medium | IDS / Suricata | Port scan detected | ingress-gw-1 192.0.2.88 | blocked |
| E-9406 | 13:30:00 | low | DLP / Nightfall | PII pattern in Slack message | slack-workspace — | acknowledged |
IDS / IPS sensors

| Sensor | Coverage | Count | Health |
|---|---|---|---|
| Suricata IDS | Network IDS · Edge + VPC peering | 142 | healthy |
| Cloudflare WAF | Application IPS · api.festicket.io / *.festicket.io | 88 | healthy |
| CrowdStrike Falcon | Endpoint EDR · 1,284 endpoints | 9 | healthy |
| AWS GuardDuty | Cloud workload IDS · 3 accounts · 12 regions | 21 | degraded |
Encryption posture
- Data at rest: PostgreSQL · AES-256 · KMS-managed
- Data in transit: TLS 1.3 · HSTS · 100% endpoints
- Secrets manager: AWS Secrets Manager · 90-day rotation
- DLP scanning: PII / PAN patterns · Slack + Email
- Breach response plan: Runbook v2.4 · last tabletop 12 Aug