CT CYBER DEFENCE Security Operations Centre
SOC OPERATIONAL
ALL SYSTEMS NOMINAL · 7 CRITICAL ACTIVE · ELASTIC 8.x · LIVE · THREAT LEVEL: HIGH
Critical Alerts: 7 (↑ 2 since last hour)
Threats Blocked: 14,847 (↑ last 24 hours)
Events/sec: 3,421 (ingesting now)
Avg MTTR: 4.2m (↓ 36% vs baseline)
Endpoints: 312 (all agents healthy)
Uptime SLA: 99.97% (30-day rolling)
Live Alert Feed: 0 events (LIVE)
[Chart: Threat Activity — Last 24 Hours; series: Critical, High, Medium, Low]
[Map: Global Threat Origins (LIVE); legend: CRIT, HIGH, MED, LOW; 0 Blocked, 0 Active Arcs, 7 SOC Nodes]
Analysts: Sandeep M., Rahul K., Priya S.
Queue: 0 unassigned
Tracked Threat Actors
6 TRACKED
APT42 / Charming Kitten · CRITICAL
Origin: Iran · Sector: Gov / Finance
Targeting UK/EU financial sector with spear-phishing & credential harvesting

Scattered Spider · HIGH
Origin: EN · Sector: Retail / Tech
Social engineering & SIM-swapping targeting MSP supply chains

LockBit 3.0 / RaaS · HIGH
Origin: CN/RU · Sector: All
Ransomware-as-a-Service — intermittent encryption, BYOVD EDR kill
Interactive SOC Command Shell — Simulated Terminal
BASH / ZSH EMULATOR V1.2
Welcome to CT Cyber Defence SOC Command Terminal. Type 'help' to see a list of available security shell commands.
analyst@soc-console:~# _
Automated Cyber Range — Incident Response Simulator
ACTIVE SIMULATOR V2.0

1. Select Attack Scenario

APT42 Ransomware Attack
Vector: fileserver-02 phishing
SSH Brute-Force Intrusion
Vector: gateway firewall access
CRM-DB Data Leakage Vector
Vector: CRM query breach exfil

Simulation: APT42 Ransomware

Status: IDLE
Stages: 1, 2, 3, 4
[Network diagram nodes: EXT threat-source, FW gateway-router, NAS fileserver-02, DB crm-database-02, WS endpoint-win112]
SIMULATOR ENGINE: STANDBY / ONLINE
ACTIVE PLAYBOOKS: 3 LOADED
Select an attack scenario from the operational matrix on the left and click 'Launch Automated Simulation' to run a dynamic cyber range incident containment test.
Autopilot: OFF
Critical CVEs — Active Exposure
14 CRITICAL
CVE-2025-21204 (9.8): Windows CLFS Driver Privilege Escalation. Microsoft · Patch Tuesday May 2025
CVE-2025-29824 (9.6): CLFS Driver RCE — Ransomware Exploited. Microsoft · Actively exploited in wild
CVE-2024-55591 (9.1): Fortinet FortiOS Auth Bypass. Fortinet · VPN Gateway attack surface
CVE-2025-0282 (9.0): Ivanti Connect Secure Stack Overflow. Ivanti · Pre-auth RCE, patched Jan 2025
CVE-2025-30065 (9.8): Apache Parquet RCE via Schema Parse. Apache · Data pipeline attack vector
Active IOC Feed
48 IOCs
Refreshed: just now Sources: AlienVault · VirusTotal · Shodan · AbuseIPDB
Endpoint Agent Health
312/312
Windows Workstations: 218 agents · Elastic 8.12.2 · 100%
Linux Servers: 68 agents · Auditbeat + Fleet · 97%
Cloud (AWS/Azure): 26 agents · CloudTrail + Flow · 92%
Mobile Devices (MDM): 0 agents · MDM not enrolled · N/A
Platform: Elastic Agent Fleet Last sync: just now
Fleet Integrity Node Auditor & Threat Simulator
ACTIVE OPERATIONS V2.2

Fleet Integrity Auditor

Audit and secure corporate network systems dynamically. Click 'Run Fleet Integrity Audit' to trigger probes.

10.0.1.10 · web-gateway-01 · ACTIVE / SECURE
10.0.1.20 · crm-database-02 · MFA AUDIT NEEDED
10.0.2.15 · endpoint-win-112 · EDR INACTIVE

Live Threat Vector Simulator

Simulate live, advanced threat attack vectors to test incident response and playbook telemetry in real time.

threat-sim@soc-console:~# waiting for vector launch request...
ISO 27001: 94% Coverage
Cyber Essentials+: 100% Compliant
UK GDPR: 97% Coverage
MITRE ATT&CK: 87% Technique Coverage
NIST CSF 2.0: 89% Function Maturity