Executive Summary
This report covers threat intelligence collected by HookProbe's edge IDS deployment during April 2026. All data comes from a production Raspberry Pi 5 running the NAPSE AI-native intrusion detection engine, the HYDRA threat intelligence pipeline, and the AEGIS autonomous defense system.
HookProbe processed 7376528 security events this month, issued 548248 ML verdicts, tracked 91512 unique IP addresses, and analyzed 0 network flows totaling 0 GB of traffic.
Threat Event Breakdown
The HYDRA threat intelligence pipeline processed 7376528 events across three defense layers:
| Defense Layer | Events | Unique IPs | % of Total |
|---|---|---|---|
| Rate Limiting (DDoS/Brute-Force) | 4902770 | 85 | 66% |
| Blocklist Enforcement | 1419033 | 7182 | 19% |
| ML Score Threshold | 1054725 | 3460 | 14% |
ML Classification Results
The SENTINEL ML ensemble classified 548248 IP behaviors this month:
- Benign: 137978 (25%) — normal traffic, no action taken
- Suspicious: 22112 (4%) — elevated monitoring, behavioral tracking
- Malicious: 388158 (70%) — escalated to cognitive throttling or blocking
IP Risk Distribution
HYDRA profiled 91512 unique IP addresses with composite risk scores:
- Critical (0.8+): 6912 IPs (7%)
- High (0.5-0.8): 27562 IPs (30%)
- Medium (0.2-0.5): 56330 IPs (61%)
- Low (<0.2): 708 IPs (0%)
Indicators of Compromise
0 new IoCs were discovered this month (3855 active total). All indicators are IP-based, sourced from behavioral analysis by the SENTINEL ML pipeline and correlated with Spamhaus DROP and FireHOL blocklists.
Attack Pattern Intelligence
The SENTINEL pattern mining engine discovered 2305 attack patterns and identified 0 coordinated campaigns. The predictive engine generated 86575 proactive alerts for preemptive defense.
Network Flow Analysis
NAPSE processed 0 network flows totaling 0 GB of inspected traffic. Autonomous blocking issued 0 throttle/block actions against 0 unique IPs.
Security Posture
The QSecBit security score averaged 78.3/100 throughout April 2026, maintaining GREEN (Protected) status. The score remained stable, indicating a consistent defense posture with no degradation events.
Key Takeaways
- Rate limiting remains the primary defense mechanism, handling 66% of all security events from just 85 aggressive source IPs
- The ML pipeline correctly identified 25% of traffic as benign — low false positive rate
- 6912 critical-risk IPs were identified and tracked — representing active threat actors
- All detection and response ran autonomously on a Raspberry Pi 5 with zero manual intervention
About This Report
This threat intelligence is generated from a production HookProbe deployment running on a Raspberry Pi 5 (8GB RAM). The system uses NAPSE (AI-native IDS), HYDRA (threat intelligence pipeline), SENTINEL (ML classification), and AEGIS (autonomous defense) — all open-source under AGPL v3.0.
Data is collected, processed, and published automatically. No data is fabricated or simulated. View the source code on GitHub.