cschantz
5b6bd675aa
Integrate advanced intelligence into Email, FTP, and Database monitoring
Extended all 10 intelligence systems to cover all authentication attack vectors:
Email (SMTP/IMAP/POP3) Monitoring:
- Vector tracking: EMAIL
- Full intelligence integration (velocity, diversity, patterns, subnet, context)
- Progressive scoring: 10 + 8n per attempt
- Advanced bonuses can add 50-100+ points for sophisticated attacks
FTP Monitoring:
- Vector tracking: FTP
- Full intelligence integration
- Same progressive scoring and bonuses as SSH/Email
- Detects coordinated multi-service attacks
Database (MySQL) Monitoring:
- Vector tracking: DATABASE
- Full intelligence integration
- Higher base scoring: 15 + 12n per attempt (database = critical)
- Bonuses applied on top
Cross-Vector Detection Example:
IP attacks SSH (3 attempts) + Email (2 attempts) + FTP (1 attempt) = 6 total
- Base: 58 points
- Diversity bonus: +10 (DUAL_VECTOR) or +25 (3 vectors)
- Velocity bonus: +20 (if rapid)
- Pattern bonus: +20 (if automated)
- Subnet bonus: +25 (if part of botnet)
- Context bonus: +18 (night + residential ISP)
- TOTAL: Can reach 100+ (capped) very quickly
All monitoring sources now share same intelligence and contribute to unified threat assessment
2025-11-14 16:48:44 -05:00
..
2025-11-06 22:27:47 -05:00
2025-11-03 18:21:40 -05:00
2025-11-05 18:55:16 -05:00
2025-11-03 18:21:40 -05:00
2025-11-14 16:48:44 -05:00
2025-11-10 20:41:13 -05:00