Cyber Ontology

Correlated Incidents

Legion's high-priority, correlated incidents built from multiple alerts and entities across the unified ontology.

| ID | Title | Severity | Status | Entities | Events | Detected |
|---|---|---|---|---|---|---|
| INC-3 | Cloud Misconfiguration: arn:aws:s3:::customer-exports (Cloud Guardian Detective) | MEDIUM | Open | 3 | 3 | about 1 hour ago |
| INC-11 | Suspicious Cloud Activity Pattern (SIEM Correlator) | HIGH | Open | 4 | 4 | about 1 hour ago |
| INC-8 | Compromised Device: WIN-ENG-02 (Endpoint Hunter, SIEM Correlator) | HIGH | Open | 4 | 3 | about 1 hour ago |
| INC-10 | Credential Theft Followed by Lateral Movement (SIEM Correlator) | HIGH | Open | 5 | 3 | about 1 hour ago |
| INC-2 | Suspicious Identity Activity: sarah.patel@legion-demo.com (IAM Patrol Detective, Endpoint Hunter, SIEM Correlator) | CRITICAL | Open | 3 | 2 | about 2 hours ago |
| INC-5 | Compromised Device: WIN-ACCT-01 (Endpoint Hunter, SIEM Correlator) | HIGH | Open | 4 | 3 | about 2 hours ago |
| INC-7 | Compromised Device: WIN-ACCT-01 (Endpoint Hunter, SIEM Correlator) | HIGH | Open | 4 | 3 | about 2 hours ago |
| INC-9 | Multi-Domain Attack Chain Detected (SIEM Correlator) | CRITICAL | Open | 4 | 3 | about 2 hours ago |
| INC-12 | Impossible Travel with Data Exfiltration (SIEM Correlator) | CRITICAL | Open | 4 | 3 | about 2 hours ago |
| INC-14 | Repeated MFA Failures Followed by Access (SIEM Correlator) | HIGH | Open | 3 | 2 | about 3 hours ago |
| INC-1 | Suspicious Identity Activity: tom.nguyen@legion-demo.com (IAM Patrol Detective, Endpoint Hunter, SIEM Correlator) | CRITICAL | Open | 3 | 2 | about 4 hours ago |
| INC-6 | Compromised Device: MAC-FIN-01 (Endpoint Hunter, SIEM Correlator) | HIGH | Open | 4 | 3 | about 4 hours ago |
| INC-13 | Ransomware Behavior Detected (SIEM Correlator) | CRITICAL | Open | 3 | 2 | about 4 hours ago |
| INC-4 | Cloud Misconfiguration: arn:aws:iam::123456789012:role/AdminRole (Cloud Guardian Detective) | MEDIUM | Open | 3 | 3 | 1 day ago |