Findings & Review

Agent-generated findings, correlated and de-duplicated, ranked by risk. Each carries a mapped control ID, detection method and confidence — expand any row for the AI reasoning trace and evidence.

▸ AUD-2231 — reasoning trace & evidence

Full evidence log →
  • Collector pulled running-config from PE-JKT-03 show running-configvia out-of-band NETCONF · 13:58:02 WIB
  • Baseline Analyzer diffed vs golden config → 4 unexpected stanzas (new user, tunnel0, ACL 101 edit, monitor session)13:58:20
  • Drift Detector classified change source as out-of-band — login IP not from SIAGA automation or approved OSSprovenance check · 13:58:31
  • Verifier cross-checked 3 independent signals (syslog, TACACS+, NetFlow) — all agree an unlisted account added the GRE tunnelK=3 convergence · confidence 0.97
  • Threat mapping — matches MITRE FiGHT + Salt Typhoon TTPs (CVE-2023-20198/20273)13:58:44
AI verdict: High-confidence unauthorized change consistent with a known state-actor pattern. Autonomous revert proposed; held for human approval (high-severity policy). Review remediation →

Evidence artifacts

Chain of custody →
📎
run-config_PE-JKT-03.txt — sha256 3af9…c210immutable · captured 13:58:02
📎
syslog_excerpt.log — account "svc-b" created 03:11correlated evidence
📎
netflow_gre.json — tunnel0 → 45.x.x.x egressexfil path evidence
🔗
Baseline: CIS Cisco IOS v1.2 · NIST SI-7golden config v14