Executive Summary
This report covers threat intelligence collected by HookProbe's edge IDS deployment during June 2026. All data comes from a production Raspberry Pi 5 running the NAPSE AI-native intrusion detection engine, HYDRA threat intelligence pipeline, and AEGIS autonomous defense system.
HookProbe processed 19496713 security events this month, classified 455101 ML verdicts, tracked 392570 unique IP addresses, and analyzed 0 network flows totaling 0 GB of traffic.
Threat Event Breakdown
The HYDRA threat intelligence pipeline processed 19496713 events across three defense layers:
| Defense Layer | Events | Unique IPs | % of Total |
|---|---|---|---|
| Rate Limiting (DDoS/Brute-Force) | 8610811 | 163 | 44% |
| Blocklist Enforcement | 7319743 | 6720 | 37% |
| ML Score Threshold | 3566159 | 3590 | 18% |
ML Classification Results
The SENTINEL ML ensemble classified 455101 IP behaviors this month:
- Benign: 327984 (72%) — normal traffic, no action taken
- Suspicious: 56250 (12%) — elevated monitoring, behavioral tracking
- Malicious: 70867 (15%) — escalated to cognitive throttling or blocking
IP Risk Distribution
HYDRA profiled 392570 unique IP addresses with composite risk scores:
- Critical (0.8+): 2196 IPs (0%)
- High (0.5-0.8): 136278 IPs (34%)
- Medium (0.2-0.5): 213812 IPs (54%)
- Low (<0.2): 40284 IPs (10%)
Indicators of Compromise
0 new IoCs were discovered this month (4150 active total). All indicators are IP-based, sourced from behavioral analysis by the SENTINEL ML pipeline and correlated with Spamhaus DROP and FireHOL blocklists.
Attack Pattern Intelligence
The SENTINEL pattern mining engine discovered 2655 attack patterns and identified 0 coordinated campaigns. The predictive engine generated 107243 proactive alerts for preemptive defense.
Network Flow Analysis
NAPSE processed 0 network flows totaling 0 GB of inspected traffic. Autonomous blocking issued 0 throttle/block actions against 0 unique IPs.
Security Posture
The QSecBit security score averaged 87/100 throughout June 2026, maintaining GREEN (Protected) status. The score remained stable, indicating consistent defense posture without degradation events.
Key Takeaways
- Rate limiting remains the primary defense mechanism, handling 44% of all security events from just 163 aggressive source IPs
- The ML pipeline correctly identified 72% of traffic as benign — low false positive rate
- 2196 critical-risk IPs were identified and tracked — representing active threat actors
- All detection and response ran autonomously on a Raspberry Pi 5 with zero manual intervention
About This Report
This threat intelligence is generated from a production HookProbe deployment running on a Raspberry Pi 5 (8GB RAM). The system uses NAPSE (AI-native IDS), HYDRA (threat intelligence pipeline), SENTINEL (ML classification), and AEGIS (autonomous defense) — all open-source under AGPL v3.0.
Data is collected, processed, and published automatically. No data is fabricated or simulated. View the source code on GitHub.