Case queue
5 open cases // sorted by fusion score
- FIN-2026-0716critical
Account takeover & biometric exfiltration cluster
Multi-stage credential compromise and exfiltration detected on USER_042. 3 failed logins, password reset, and MFA bypass from 192.168.1.100, immediately followed by a $9,950.0 max-limit transfer and 5.8 GB biometric egress.
USER_042192.168.1.100ACCT_OFFSHORE_001DB_BIOMETRICS_PROD203.0.113.4298fusionACTIVE - CHR-2035-0412critical
Credential relay across build infrastructure
Fused 41 raw signals across identity, network, and build telemetry into a single attack path: a leaked CI token replayed from an unrecognized ASN, escalating toward the artifact registry.
svc-build-runner-07ivan.k@corpedge-fw-eu-2artifact-registry94fusionACTIVE - CHR-2035-0398high
Lateral movement via forgotten service mesh cert
An expired-but-honored mesh certificate bridged a deprecated namespace into payments. 17 signals fused across mesh, workload, and identity telemetry.
mesh-gw-legacypayments-nscert-2031-heirloom81fusionIN REVIEW - FIN-2035-0371mediumsample
Anomalous OAuth consent grant cluster
Six consent grants to a newly registered OAuth application within a 40-minute window. Under active correlation.
oauth-app-4417marketing-tenant62fusionMONITORING - FIN-2035-0344mediumsample
DNS beaconing from staging fleet
Low-and-slow DNS TXT queries at 300s intervals from four staging hosts.
staging-fleet-bresolver-anycast57fusionMONITORING