CloudNDR Evidence Fabric

System Status

All collectors healthy

Alert Management

Security alerts and incident tracking

Alert summary

  By severity:
    Critical:      2
    High:          2
    Medium:        1
    Low:           0

  By status:
    Open:          3
    Investigating: 1
    Resolved:      1

Lateral Movement: SSH from SASE to K8s Pod
  Severity:     critical
  Status:       open
  Alert ID:     ALT-001 (12/6/2025, 10:00:00 AM)
  Source:       alice.admin@lawfirm.com (192.168.1.50)
  Destination:  payroll-db-0 (10.0.2.15:22)
  MITRE ATT&CK: T1021.004
  Assignee:     Unassigned
  Flow:         Cabc12345

Data Exfiltration: Large Egress to Unknown IP
  Severity:     critical
  Status:       investigating
  Alert ID:     ALT-002 (12/6/2025, 9:15:00 AM)
  Source:       test-app-xyz99 (10.0.5.10)
  Destination:  203.0.113.50:443
  MITRE ATT&CK: T1041
  Assignee:     john.doe@company.com
  Flow:         Cjkl31415

DNS Tunneling: High Entropy DNS Queries
  Severity:     high
  Status:       open
  Alert ID:     ALT-003 (12/6/2025, 9:30:00 AM)
  Source:       payment-processor-abc12 (10.0.2.25)
  Destination:  8.8.8.8:53
  MITRE ATT&CK: T1071.004
  Assignee:     Unassigned
  Flow:         Cghi11121

East-West: Frontend Direct to Database
  Severity:     high
  Status:       open
  Alert ID:     ALT-004 (12/6/2025, 8:45:00 AM)
  Source:       compromised-pod-abc (10.0.1.50)
  Destination:  postgres-primary-0 (10.0.4.100:5432)
  MITRE ATT&CK: T1021.004
  Assignee:     Unassigned
  Flow:         Cmno16171

Privileged Pod External Connection
  Severity:     medium
  Status:       resolved
  Alert ID:     ALT-005 (12/6/2025, 8:30:00 AM)
  Source:       kube-system/calico-node-xyz (10.0.0.5)
  Destination:  198.51.100.10:443
  MITRE ATT&CK: T1071.001
  Assignee:     jane.smith@company.com
  Flow:         Cpqr18192