
MLINZI / CAMPUS IDS

Institute of Accountancy Arusha · NOC Console v4.2.1

19:42:17 UTC

Threat level: ELEVATED

5 critical · 6 high · auto-mitigation engaged on 3 endpoints

ZONE: CAMPUS-WIDE · RULES: 1,284 · ML MODEL: v7.3

Active Sessions

12,847

+312 / 5m

Packets / sec

184.2K

+4.1% / 5m

Open Alerts

14

+9 / 5m

Blocked Today

2,394

+187 / 5m

Network Traffic / Anomaly Score

Throughput · Anomaly · Last 60s · live

AVG

69 Mbps

PEAK

91 Mbps

ANOMALIES

7

BASELINE σ

2.31

Active Alerts

14
LIVE
  • SQL Injection

    high

    Payload matches sqlmap fingerprint

    222.196.28.71 · guest-portal-02 · 6m ago
  • Brute Force

    high

    47 failed SSH auth attempts in 60s

    51.132.235.200 · cs-lab-router-01 · 5m ago
  • SQL Injection

    high

    Payload matches sqlmap fingerprint

    21.184.30.51 · moodle-app-01 · 5m ago
  • SQL Injection

    high

    Payload matches sqlmap fingerprint

    74.93.139.34 · lib-wifi-ap-04 · 2m ago
  • Data Exfiltration

    critical

    Outbound 2.4GB to unknown host

    47.75.141.43 · moodle-app-01 · 2m ago
  • Anomalous Login

    medium

    Login from unusual geo + new device

    75.215.95.208 · registrar-db-prod · 2m ago
  • Anomalous Login

    medium

    Login from unusual geo + new device

    113.183.235.35 · registrar-db-prod · 1m ago
  • Brute Force

    high

    47 failed SSH auth attempts in 60s

    115.21.198.57 · registrar-db-prod · 41s ago
  • Data Exfiltration

    critical

    Outbound 2.4GB to unknown host

    75.200.172.246 · guest-portal-02 · 2m ago
  • Brute Force

    high

    47 failed SSH auth attempts in 60s

    219.12.236.190 · cs-lab-router-01 · 7m ago
auto-triage ON · showing 10 of 14

Global Threat Origin

attacks → campus
  • India: 3
  • Germany: 2
  • Russia: 2
  • Nigeria: 2
  • United States: 1
  • Vietnam: 1

Protocol Mix

tcp/udp
  • HTTPS 54%
  • DNS 18%
  • SSH 9%
  • SMB 7%
  • Other 12%
⚠ SSH traffic 38% above weekly baseline — see "Brute Force" alerts

Top Offending IPs

last 30m
  • 222.196.28.71 · India · 1
  • 51.132.235.200 · United States · 1
  • 21.184.30.51 · Germany · 1
  • 74.93.139.34 · Russia · 1
  • 47.75.141.43 · Nigeria · 1
  • 75.215.95.208 · India · 1
  • 113.183.235.35 · India · 1

Packet Inspector — live tail

/var/log/sentinel/ids.log
19:36:11 [EVT-7.8V9-1] SQL_INJECTION src=222.196.28.71 dst=10.42.1.16 host=guest-portal-02 pkts=34536
19:36:48 [EVT-D.YNL-2] BRUTE_FORCE src=51.132.235.200 dst=10.42.118.173 host=cs-lab-router-01 pkts=5575
19:36:49 [EVT-XG.FJ-3] SQL_INJECTION src=21.184.30.51 dst=10.42.80.75 host=moodle-app-01 pkts=1587
19:39:25 [EVT-4.2U7-4] SQL_INJECTION src=74.93.139.34 dst=10.42.210.64 host=lib-wifi-ap-04 pkts=7139
19:39:54 [EVT-IH.LP-5] DATA_EXFILTRATION src=47.75.141.43 dst=10.42.212.59 host=moodle-app-01 pkts=48554
19:40:16 [EVT-Y.KUJ-6] ANOMALOUS_LOGIN src=75.215.95.208 dst=10.42.31.130 host=registrar-db-prod pkts=18211
19:40:33 [EVT-P.A8B-7] ANOMALOUS_LOGIN src=113.183.235.35 dst=10.42.141.167 host=registrar-db-prod pkts=25816
19:41:36 [EVT-1.6IS-8] BRUTE_FORCE src=115.21.198.57 dst=10.42.196.2 host=registrar-db-prod pkts=23696
19:39:24 [EVT-8.Q4O-9] DATA_EXFILTRATION src=75.200.172.246 dst=10.42.210.43 host=guest-portal-02 pkts=35137
19:34:19 [EVT-B.4SG-10] BRUTE_FORCE src=219.12.236.190 dst=10.42.138.131 host=cs-lab-router-01 pkts=30059
19:38:52 [EVT-UQ.AR-11] DATA_EXFILTRATION src=195.100.42.131 dst=10.42.112.85 host=auth.sso.univ.edu pkts=40397
19:41:58 [EVT-X.C7I-12] DATA_EXFILTRATION src=49.22.242.141 dst=10.42.106.132 host=lib-wifi-ap-04 pkts=48067
19:36:38 [EVT-Z.ZQ7-13] ANOMALOUS_LOGIN src=71.125.33.53 dst=10.42.165.208 host=registrar-db-prod pkts=31330
19:39:28 [EVT-I.IID-14] DDOS_ATTEMPT src=166.85.197.38 dst=10.42.43.25 host=registrar-db-prod pkts=31232