Executive Summary
This report covers threat intelligence collected by HookProbe's edge IDS deployment during May 2026. All data comes from a production Raspberry Pi 5 running the NAPSE AI-native intrusion detection engine, the HYDRA threat intelligence pipeline, and the AEGIS autonomous defense system.
HookProbe processed 3754857 security events this month, issued 150734 ML verdicts, tracked 6082 unique IP addresses, and analyzed 0 network flows totaling 0 GB of traffic.
Threat Event Breakdown
The HYDRA threat intelligence pipeline processed 3754857 events across three defense layers:
| Defense Layer | Events | Unique IPs | % of Total |
|---|---|---|---|
| Rate Limiting (DDoS/Brute-Force) | 1151481 | 24 | 30% |
| Blocklist Enforcement | 1436940 | 8634 | 38% |
| ML Score Threshold | 1166436 | 4643 | 31% |
ML Classification Results
The SENTINEL ML ensemble classified 150734 IP behaviors this month:
- Benign: 101747 (67%) — normal traffic, no action taken
- Suspicious: 15111 (10%) — elevated monitoring, behavioral tracking
- Malicious: 33876 (22%) — escalated to cognitive throttling or blocking
IP Risk Distribution
HYDRA profiled 6082 unique IP addresses with composite risk scores:
- Critical (0.8+): 2670 IPs (43%)
- High (0.5-0.8): 2606 IPs (42%)
- Medium (0.2-0.5): 806 IPs (13%)
- Low (<0.2): 0 IPs (0%)
Indicators of Compromise
0 new IoCs were discovered this month (5189 active total). All indicators are IP-based, sourced from behavioral analysis by the SENTINEL ML pipeline and correlated with Spamhaus DROP and FireHOL blocklists.
Attack Pattern Intelligence
The SENTINEL pattern mining engine discovered 2546 attack patterns and identified 0 coordinated campaigns. The predictive engine generated 86098 proactive alerts for preemptive defense.
Network Flow Analysis
NAPSE processed 0 network flows totaling 0 GB of inspected traffic. Autonomous blocking issued 0 throttle/block actions against 0 unique IPs.
Security Posture
The QSecBit security score averaged 78.2/100 throughout May 2026, maintaining GREEN (Protected) status. The score remained stable, indicating a consistent defense posture without degradation events.
Key Takeaways
- Rate limiting remains the primary defense mechanism, handling 30% of all security events from just 24 aggressive source IPs
- The ML pipeline correctly identified 67% of traffic as benign — low false positive rate
- 2670 critical-risk IPs were identified and tracked — representing active threat actors
- All detection and response ran autonomously on a Raspberry Pi 5 with zero manual intervention
About This Report
This threat intelligence is generated from a production HookProbe deployment running on a Raspberry Pi 5 (8GB RAM). The system uses NAPSE (AI-native IDS), HYDRA (threat intelligence pipeline), SENTINEL (ML classification), and AEGIS (autonomous defense) — all open-source under AGPL v3.0.
Data is collected, processed, and published automatically. No data is fabricated or simulated. View the source code on GitHub.