{
  "node": "argus",
  "role": "mirror",
  "generated_at": "2026-07-05T19:30:05.391355Z",
  "unique_ips": 25,
  "threats": [
    {
      "ip": "91.148.244.131",
      "first_seen": "2026-07-05T15:17:13-04:00",
      "last_seen": "2026-07-05T15:17:14-04:00",
      "scenarios": [
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T15:17:14-04:00"
        },
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T15:17:13-04:00"
        },
        {
          "name": "wp-sensitive-paths",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T15:17:13-04:00"
        },
        {
          "name": "crowdsecurity/http-sensitive-files",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T15:17:13-04:00"
        },
        {
          "name": "crowdsecurity/http-probing",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T15:17:13-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.73,
        "label": "medium"
      },
      "severity": {
        "level": "high",
        "score": 7,
        "mitre_tactics": [
          "Initial Access",
          "Reconnaissance",
          "Unknown"
        ],
        "mitre_techniques": [
          "T1190",
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "77.83.39.197",
      "first_seen": "2026-07-05T15:05:33-04:00",
      "last_seen": "2026-07-05T15:05:33-04:00",
      "scenarios": [
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T15:05:33-04:00"
        }
      ],
      "source": [
        "Ares"
      ],
      "confidence": {
        "score": 0.6,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "51.68.107.142",
      "first_seen": "2026-07-05T15:00:16-04:00",
      "last_seen": "2026-07-05T15:00:16-04:00",
      "scenarios": [
        {
          "name": "crowdsecurity/http-bad-user-agent",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T15:00:16-04:00"
        }
      ],
      "source": [
        "Iris"
      ],
      "confidence": {
        "score": 0.3,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Unknown"
        ],
        "mitre_techniques": []
      },
      "scope": "fleet"
    },
    {
      "ip": "51.68.107.151",
      "first_seen": "2026-07-05T14:55:47-04:00",
      "last_seen": "2026-07-05T14:55:47-04:00",
      "scenarios": [
        {
          "name": "crowdsecurity/http-bad-user-agent",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T14:55:47-04:00"
        }
      ],
      "source": [
        "Iris"
      ],
      "confidence": {
        "score": 0.3,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Unknown"
        ],
        "mitre_techniques": []
      },
      "scope": "fleet"
    },
    {
      "ip": "144.172.116.30",
      "first_seen": "2026-07-05T13:56:54-04:00",
      "last_seen": "2026-07-05T13:56:54-04:00",
      "scenarios": [
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:56:54-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.6,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "64.89.161.85",
      "first_seen": "2026-07-05T13:56:00-04:00",
      "last_seen": "2026-07-05T13:56:00-04:00",
      "scenarios": [
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:56:00-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.6,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "64.89.161.82",
      "first_seen": "2026-07-05T13:55:39-04:00",
      "last_seen": "2026-07-05T13:55:39-04:00",
      "scenarios": [
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:55:39-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.6,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "65.109.211.195",
      "first_seen": "2026-07-05T13:54:57-04:00",
      "last_seen": "2026-07-05T13:55:00-04:00",
      "scenarios": [
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:55:00-04:00"
        },
        {
          "name": "crowdsecurity/http-sensitive-files",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T13:54:59-04:00"
        },
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:54:58-04:00"
        },
        {
          "name": "crowdsecurity/http-probing",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T13:54:57-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.54,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance",
          "Unknown"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "211.175.22.56",
      "first_seen": "2026-07-05T13:54:26-04:00",
      "last_seen": "2026-07-05T13:54:40-04:00",
      "scenarios": [
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:54:40-04:00"
        },
        {
          "name": "wp-sensitive-paths",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T13:54:36-04:00"
        },
        {
          "name": "wordpress-probe",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T13:54:36-04:00"
        },
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:54:36-04:00"
        },
        {
          "name": "crowdsecurity/http-probing",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T13:54:26-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.82,
        "label": "medium"
      },
      "severity": {
        "level": "high",
        "score": 7,
        "mitre_tactics": [
          "Initial Access",
          "Reconnaissance",
          "Unknown"
        ],
        "mitre_techniques": [
          "T1190",
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "143.244.168.161",
      "first_seen": "2026-07-05T13:53:50-04:00",
      "last_seen": "2026-07-05T13:53:56-04:00",
      "scenarios": [
        {
          "name": "crowdsecurity/jira_cve-2021-26086",
          "category": "cve-exploit",
          "base_score": 0.9,
          "count": 1,
          "last_seen": "2026-07-05T13:53:56-04:00"
        },
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:53:54-04:00"
        },
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:53:50-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.89,
        "label": "high"
      },
      "severity": {
        "level": "critical",
        "score": 9,
        "mitre_tactics": [
          "Initial Access",
          "Reconnaissance"
        ],
        "mitre_techniques": [
          "T1190",
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "164.90.228.79",
      "first_seen": "2026-07-05T13:53:35-04:00",
      "last_seen": "2026-07-05T13:53:51-04:00",
      "scenarios": [
        {
          "name": "crowdsecurity/jira_cve-2021-26086",
          "category": "cve-exploit",
          "base_score": 0.9,
          "count": 1,
          "last_seen": "2026-07-05T13:53:51-04:00"
        },
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:53:44-04:00"
        },
        {
          "name": "crowdsecurity/http-probing",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T13:53:35-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.78,
        "label": "medium"
      },
      "severity": {
        "level": "critical",
        "score": 9,
        "mitre_tactics": [
          "Initial Access",
          "Reconnaissance",
          "Unknown"
        ],
        "mitre_techniques": [
          "T1190",
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "168.110.218.47",
      "first_seen": "2026-07-05T13:53:34-04:00",
      "last_seen": "2026-07-05T13:53:40-04:00",
      "scenarios": [
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:53:40-04:00"
        },
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T13:53:38-04:00"
        },
        {
          "name": "crowdsecurity/http-probing",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T13:53:34-04:00"
        },
        {
          "name": "crowdsecurity/http-sensitive-files",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T13:53:34-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.54,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance",
          "Unknown"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "37.187.32.181",
      "first_seen": "2026-07-03T23:31:35-04:00",
      "last_seen": "2026-07-05T13:53:06-04:00",
      "scenarios": [
        {
          "name": "crowdsecurity/http-sensitive-files",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T13:53:06-04:00"
        },
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-03T23:31:35-04:00"
        }
      ],
      "source": [
        "Argus",
        "Triton"
      ],
      "confidence": {
        "score": 0.57,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance",
          "Unknown"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "20.226.37.225",
      "first_seen": "2026-07-05T13:39:26-04:00",
      "last_seen": "2026-07-05T13:39:34-04:00",
      "scenarios": [
        {
          "name": "webshell-high-confidence",
          "category": "post-exploitation",
          "base_score": 0.95,
          "count": 1,
          "last_seen": "2026-07-05T13:39:34-04:00"
        },
        {
          "name": "webshell-probe",
          "category": "post-exploitation",
          "base_score": 0.95,
          "count": 1,
          "last_seen": "2026-07-05T13:39:34-04:00"
        },
        {
          "name": "wp-sensitive-paths",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T13:39:26-04:00"
        }
      ],
      "source": [
        "Triton"
      ],
      "confidence": {
        "score": 1.0,
        "label": "high"
      },
      "severity": {
        "level": "critical",
        "score": 9,
        "mitre_tactics": [
          "Command and Control / Persistence",
          "Initial Access"
        ],
        "mitre_techniques": [
          "T1059",
          "T1105",
          "T1190"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "62.210.142.62",
      "first_seen": "2026-07-05T12:52:03-04:00",
      "last_seen": "2026-07-05T12:53:46-04:00",
      "scenarios": [
        {
          "name": "crowdsecurity/http-admin-interface-probing",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T12:53:46-04:00"
        },
        {
          "name": "crowdsecurity/http-probing",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T12:52:03-04:00"
        }
      ],
      "source": [
        "Ares"
      ],
      "confidence": {
        "score": 0.52,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance",
          "Unknown"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "20.24.203.130",
      "first_seen": "2026-07-05T12:53:27-04:00",
      "last_seen": "2026-07-05T12:53:28-04:00",
      "scenarios": [
        {
          "name": "webshell-high-confidence",
          "category": "post-exploitation",
          "base_score": 0.95,
          "count": 1,
          "last_seen": "2026-07-05T12:53:28-04:00"
        },
        {
          "name": "wp-sensitive-paths",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T12:53:27-04:00"
        }
      ],
      "source": [
        "Zephyrus"
      ],
      "confidence": {
        "score": 1.0,
        "label": "high"
      },
      "severity": {
        "level": "critical",
        "score": 9,
        "mitre_tactics": [
          "Command and Control / Persistence",
          "Initial Access"
        ],
        "mitre_techniques": [
          "T1059",
          "T1105",
          "T1190"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "46.105.48.30",
      "first_seen": "2026-07-05T12:33:35-04:00",
      "last_seen": "2026-07-05T12:33:35-04:00",
      "scenarios": [
        {
          "name": "crowdsecurity/http-bad-user-agent",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T12:33:35-04:00"
        }
      ],
      "source": [
        "Iris"
      ],
      "confidence": {
        "score": 0.3,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Unknown"
        ],
        "mitre_techniques": []
      },
      "scope": "fleet"
    },
    {
      "ip": "185.93.89.147",
      "first_seen": "2026-07-04T21:54:11-04:00",
      "last_seen": "2026-07-05T12:26:25-04:00",
      "scenarios": [
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T12:26:25-04:00"
        },
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-04T21:54:11-04:00"
        }
      ],
      "source": [
        "Argus",
        "Zephyrus"
      ],
      "confidence": {
        "score": 0.65,
        "label": "medium"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "2602:80d:1007::69",
      "first_seen": "2026-07-05T12:16:39-04:00",
      "last_seen": "2026-07-05T12:16:39-04:00",
      "scenarios": [
        {
          "name": "crowdsecurity/http-bad-user-agent",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T12:16:39-04:00"
        }
      ],
      "source": [
        "Zephyrus"
      ],
      "confidence": {
        "score": 0.3,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Unknown"
        ],
        "mitre_techniques": []
      },
      "scope": "fleet"
    },
    {
      "ip": "81.171.72.93",
      "first_seen": "2026-07-05T12:09:38-04:00",
      "last_seen": "2026-07-05T12:09:41-04:00",
      "scenarios": [
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T12:09:41-04:00"
        },
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T12:09:40-04:00"
        },
        {
          "name": "wp-sensitive-paths",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T12:09:40-04:00"
        },
        {
          "name": "wordpress-probe",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T12:09:39-04:00"
        },
        {
          "name": "webshell-high-confidence",
          "category": "post-exploitation",
          "base_score": 0.95,
          "count": 1,
          "last_seen": "2026-07-05T12:09:39-04:00"
        },
        {
          "name": "wp-nested-backdoor",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T12:09:39-04:00"
        },
        {
          "name": "wp-obscure-nested-php",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T12:09:39-04:00"
        },
        {
          "name": "crowdsecurity/http-crawl-non_statics",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T12:09:38-04:00"
        },
        {
          "name": "crowdsecurity/http-sensitive-files",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T12:09:38-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.93,
        "label": "high"
      },
      "severity": {
        "level": "critical",
        "score": 9,
        "mitre_tactics": [
          "Command and Control / Persistence",
          "Initial Access",
          "Reconnaissance",
          "Unknown"
        ],
        "mitre_techniques": [
          "T1059",
          "T1105",
          "T1190",
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "96.41.38.202",
      "first_seen": "2026-07-05T11:44:22-04:00",
      "last_seen": "2026-07-05T11:44:23-04:00",
      "scenarios": [
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T11:44:23-04:00"
        },
        {
          "name": "mgmt-path-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T11:44:22-04:00"
        }
      ],
      "source": [
        "Triton"
      ],
      "confidence": {
        "score": 0.6,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "20.24.214.14",
      "first_seen": "2026-07-05T11:06:19-04:00",
      "last_seen": "2026-07-05T11:06:19-04:00",
      "scenarios": [
        {
          "name": "webshell-high-confidence",
          "category": "post-exploitation",
          "base_score": 0.95,
          "count": 1,
          "last_seen": "2026-07-05T11:06:19-04:00"
        },
        {
          "name": "wp-sensitive-paths",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T11:06:19-04:00"
        }
      ],
      "source": [
        "Zephyrus"
      ],
      "confidence": {
        "score": 1.0,
        "label": "high"
      },
      "severity": {
        "level": "critical",
        "score": 9,
        "mitre_tactics": [
          "Command and Control / Persistence",
          "Initial Access"
        ],
        "mitre_techniques": [
          "T1059",
          "T1105",
          "T1190"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "178.128.207.138",
      "first_seen": "2026-07-05T10:33:29-04:00",
      "last_seen": "2026-07-05T10:33:29-04:00",
      "scenarios": [
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T10:33:29-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.6,
        "label": "low"
      },
      "severity": {
        "level": "low",
        "score": 1,
        "mitre_tactics": [
          "Reconnaissance"
        ],
        "mitre_techniques": [
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "206.189.95.232",
      "first_seen": "2026-07-05T10:32:30-04:00",
      "last_seen": "2026-07-05T10:32:48-04:00",
      "scenarios": [
        {
          "name": "crowdsecurity/jira_cve-2021-26086",
          "category": "cve-exploit",
          "base_score": 0.9,
          "count": 1,
          "last_seen": "2026-07-05T10:32:48-04:00"
        },
        {
          "name": "suspicious-probe",
          "category": "reconnaissance",
          "base_score": 0.6,
          "count": 1,
          "last_seen": "2026-07-05T10:32:40-04:00"
        },
        {
          "name": "crowdsecurity/http-probing",
          "category": "other",
          "base_score": 0.4,
          "count": 1,
          "last_seen": "2026-07-05T10:32:30-04:00"
        }
      ],
      "source": [
        "Ares"
      ],
      "confidence": {
        "score": 0.78,
        "label": "medium"
      },
      "severity": {
        "level": "critical",
        "score": 9,
        "mitre_tactics": [
          "Initial Access",
          "Reconnaissance",
          "Unknown"
        ],
        "mitre_techniques": [
          "T1190",
          "T1595"
        ]
      },
      "scope": "fleet"
    },
    {
      "ip": "176.65.148.30",
      "first_seen": "2026-07-05T10:32:35-04:00",
      "last_seen": "2026-07-05T10:32:35-04:00",
      "scenarios": [
        {
          "name": "wp-sensitive-paths",
          "category": "web-exploitation",
          "base_score": 0.85,
          "count": 1,
          "last_seen": "2026-07-05T10:32:35-04:00"
        }
      ],
      "source": [
        "Argus"
      ],
      "confidence": {
        "score": 0.88,
        "label": "high"
      },
      "severity": {
        "level": "high",
        "score": 7,
        "mitre_tactics": [
          "Initial Access"
        ],
        "mitre_techniques": [
          "T1190"
        ]
      },
      "scope": "fleet"
    }
  ]
}