[{"id":4509,"fincertId":"FINCERT-2026-004509","incidentId":21260,"idempotencyKey":"incident-21260","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:55.206383Z","receivedAt":"2026-05-15T20:53:55.225205Z"},{"id":4508,"fincertId":"FINCERT-2026-004508","incidentId":21254,"idempotencyKey":"incident-21254","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:55.072095Z","receivedAt":"2026-05-15T20:53:55.086066Z"},{"id":4507,"fincertId":"FINCERT-2026-004507","incidentId":21253,"idempotencyKey":"incident-21253","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:55.051030Z","receivedAt":"2026-05-15T20:53:55.064703Z"},{"id":4506,"fincertId":"FINCERT-2026-004506","incidentId":21250,"idempotencyKey":"incident-21250","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:54.971807Z","receivedAt":"2026-05-15T20:53:54.997821Z"},{"id":4505,"fincertId":"FINCERT-2026-004505","incidentId":21246,"idempotencyKey":"incident-21246","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:54.896157Z","receivedAt":"2026-05-15T20:53:54.912489Z"},{"id":4504,"fincertId":"FINCERT-2026-004504","incidentId":21245,"idempotencyKey":"incident-21245","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:54.851372Z","receivedAt":"2026-05-15T20:53:54.881029Z"},{"id":4503,"fincertId":"FINCERT-2026-004503","incidentId":21243,"idempotencyKey":"incident-21243","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:54.784066Z","receivedAt":"2026-05-15T20:53:54.805602Z"},{"id":4502,"fincertId":"FINCERT-2026-004502","incidentId":21242,"idempotencyKey":"incident-21242","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:54.746902Z","receivedAt":"2026-05-15T20:53:54.766462Z"},{"id":4501,"fincertId":"FINCERT-2026-004501","incidentId":21236,"idempotencyKey":"incident-21236","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:54.631208Z","receivedAt":"2026-05-15T20:53:54.656039Z"},{"id":4500,"fincertId":"FINCERT-2026-004500","incidentId":21233,"idempotencyKey":"incident-21233","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:54.562848Z","receivedAt":"2026-05-15T20:53:54.582224Z"},{"id":4499,"fincertId":"FINCERT-2026-004499","incidentId":21232,"idempotencyKey":"incident-21232","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:54.536086Z","receivedAt":"2026-05-15T20:53:54.551795Z"},{"id":4498,"fincertId":"FINCERT-2026-004498","incidentId":21230,"idempotencyKey":"incident-21230","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:54.502113Z","receivedAt":"2026-05-15T20:53:54.513877Z"},{"id":4497,"fincertId":"FINCERT-2026-004497","incidentId":21228,"idempotencyKey":"incident-21228","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:54.457119Z","receivedAt":"2026-05-15T20:53:54.479219Z"},{"id":4496,"fincertId":"FINCERT-2026-004496","incidentId":21224,"idempotencyKey":"incident-21224","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:54.395379Z","receivedAt":"2026-05-15T20:53:54.407853Z"},{"id":4495,"fincertId":"FINCERT-2026-004495","incidentId":21221,"idempotencyKey":"incident-21221","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:54.337217Z","receivedAt":"2026-05-15T20:53:54.353866Z"},{"id":4494,"fincertId":"FINCERT-2026-004494","incidentId":21220,"idempotencyKey":"incident-21220","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:54.308857Z","receivedAt":"2026-05-15T20:53:54.329951Z"},{"id":4493,"fincertId":"FINCERT-2026-004493","incidentId":21218,"idempotencyKey":"incident-21218","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:54.265969Z","receivedAt":"2026-05-15T20:53:54.281346Z"},{"id":4492,"fincertId":"FINCERT-2026-004492","incidentId":21205,"idempotencyKey":"incident-21205","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:53.977589Z","receivedAt":"2026-05-15T20:53:53.996867Z"},{"id":4491,"fincertId":"FINCERT-2026-004491","incidentId":21202,"idempotencyKey":"incident-21202","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:53.913429Z","receivedAt":"2026-05-15T20:53:53.926709Z"},{"id":4490,"fincertId":"FINCERT-2026-004490","incidentId":21200,"idempotencyKey":"incident-21200","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:53.862661Z","receivedAt":"2026-05-15T20:53:53.887878Z"},{"id":4489,"fincertId":"FINCERT-2026-004489","incidentId":21186,"idempotencyKey":"incident-21186","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:53.564870Z","receivedAt":"2026-05-15T20:53:53.582570Z"},{"id":4488,"fincertId":"FINCERT-2026-004488","incidentId":21182,"idempotencyKey":"incident-21182","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:53.454422Z","receivedAt":"2026-05-15T20:53:53.476395Z"},{"id":4487,"fincertId":"FINCERT-2026-004487","incidentId":21181,"idempotencyKey":"incident-21181","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:53.424366Z","receivedAt":"2026-05-15T20:53:53.436938Z"},{"id":4486,"fincertId":"FINCERT-2026-004486","incidentId":21179,"idempotencyKey":"incident-21179","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:53.369400Z","receivedAt":"2026-05-15T20:53:53.388879Z"},{"id":4485,"fincertId":"FINCERT-2026-004485","incidentId":21178,"idempotencyKey":"incident-21178","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:53.316046Z","receivedAt":"2026-05-15T20:53:53.354150Z"},{"id":4484,"fincertId":"FINCERT-2026-004484","incidentId":21177,"idempotencyKey":"incident-21177","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:53.289216Z","receivedAt":"2026-05-15T20:53:53.301097Z"},{"id":4483,"fincertId":"FINCERT-2026-004483","incidentId":21176,"idempotencyKey":"incident-21176","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:53.264461Z","receivedAt":"2026-05-15T20:53:53.280704Z"},{"id":4482,"fincertId":"FINCERT-2026-004482","incidentId":21175,"idempotencyKey":"incident-21175","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:53.240223Z","receivedAt":"2026-05-15T20:53:53.255999Z"},{"id":4481,"fincertId":"FINCERT-2026-004481","incidentId":21174,"idempotencyKey":"incident-21174","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:53.216248Z","receivedAt":"2026-05-15T20:53:53.233205Z"},{"id":4480,"fincertId":"FINCERT-2026-004480","incidentId":21171,"idempotencyKey":"incident-21171","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:53.113935Z","receivedAt":"2026-05-15T20:53:53.146314Z"},{"id":4479,"fincertId":"FINCERT-2026-004479","incidentId":21170,"idempotencyKey":"incident-21170","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:53.086856Z","receivedAt":"2026-05-15T20:53:53.104222Z"},{"id":4478,"fincertId":"FINCERT-2026-004478","incidentId":21169,"idempotencyKey":"incident-21169","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:53.061362Z","receivedAt":"2026-05-15T20:53:53.077922Z"},{"id":4477,"fincertId":"FINCERT-2026-004477","incidentId":21166,"idempotencyKey":"incident-21166","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:52.969085Z","receivedAt":"2026-05-15T20:53:53.003092Z"},{"id":4476,"fincertId":"FINCERT-2026-004476","incidentId":21162,"idempotencyKey":"incident-21162","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:52.871552Z","receivedAt":"2026-05-15T20:53:52.900472Z"},{"id":4475,"fincertId":"FINCERT-2026-004475","incidentId":21158,"idempotencyKey":"incident-21158","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:52.736619Z","receivedAt":"2026-05-15T20:53:52.750095Z"},{"id":4474,"fincertId":"FINCERT-2026-004474","incidentId":21154,"idempotencyKey":"incident-21154","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:52.664629Z","receivedAt":"2026-05-15T20:53:52.682589Z"},{"id":4473,"fincertId":"FINCERT-2026-004473","incidentId":21145,"idempotencyKey":"incident-21145","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:52.492928Z","receivedAt":"2026-05-15T20:53:52.508119Z"},{"id":4472,"fincertId":"FINCERT-2026-004472","incidentId":21137,"idempotencyKey":"incident-21137","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:52.364850Z","receivedAt":"2026-05-15T20:53:52.376921Z"},{"id":4471,"fincertId":"FINCERT-2026-004471","incidentId":21131,"idempotencyKey":"incident-21131","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:52.258026Z","receivedAt":"2026-05-15T20:53:52.269722Z"},{"id":4470,"fincertId":"FINCERT-2026-004470","incidentId":21126,"idempotencyKey":"incident-21126","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:52.180976Z","receivedAt":"2026-05-15T20:53:52.191351Z"},{"id":4469,"fincertId":"FINCERT-2026-004469","incidentId":21123,"idempotencyKey":"incident-21123","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:52.125532Z","receivedAt":"2026-05-15T20:53:52.146467Z"},{"id":4468,"fincertId":"FINCERT-2026-004468","incidentId":21122,"idempotencyKey":"incident-21122","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:52.092529Z","receivedAt":"2026-05-15T20:53:52.105509Z"},{"id":4467,"fincertId":"FINCERT-2026-004467","incidentId":21121,"idempotencyKey":"incident-21121","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:52.072062Z","receivedAt":"2026-05-15T20:53:52.086391Z"},{"id":4466,"fincertId":"FINCERT-2026-004466","incidentId":21120,"idempotencyKey":"incident-21120","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:52.053737Z","receivedAt":"2026-05-15T20:53:52.065739Z"},{"id":4465,"fincertId":"FINCERT-2026-004465","incidentId":21117,"idempotencyKey":"incident-21117","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:51.967784Z","receivedAt":"2026-05-15T20:53:51.994119Z"},{"id":4464,"fincertId":"FINCERT-2026-004464","incidentId":21111,"idempotencyKey":"incident-21111","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:51.870101Z","receivedAt":"2026-05-15T20:53:51.884440Z"},{"id":4463,"fincertId":"FINCERT-2026-004463","incidentId":21110,"idempotencyKey":"incident-21110","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:51.825915Z","receivedAt":"2026-05-15T20:53:51.854831Z"},{"id":4462,"fincertId":"FINCERT-2026-004462","incidentId":21107,"idempotencyKey":"incident-21107","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:51.756374Z","receivedAt":"2026-05-15T20:53:51.767549Z"},{"id":4461,"fincertId":"FINCERT-2026-004461","incidentId":21103,"idempotencyKey":"incident-21103","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:51.695095Z","receivedAt":"2026-05-15T20:53:51.707615Z"},{"id":4460,"fincertId":"FINCERT-2026-004460","incidentId":21102,"idempotencyKey":"incident-21102","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:51.678783Z","receivedAt":"2026-05-15T20:53:51.689435Z"},{"id":4459,"fincertId":"FINCERT-2026-004459","incidentId":21096,"idempotencyKey":"incident-21096","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:51.561422Z","receivedAt":"2026-05-15T20:53:51.573645Z"},{"id":4458,"fincertId":"FINCERT-2026-004458","incidentId":21095,"idempotencyKey":"incident-21095","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:51.542940Z","receivedAt":"2026-05-15T20:53:51.554866Z"},{"id":4457,"fincertId":"FINCERT-2026-004457","incidentId":21093,"idempotencyKey":"incident-21093","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:51.498928Z","receivedAt":"2026-05-15T20:53:51.511904Z"},{"id":4456,"fincertId":"FINCERT-2026-004456","incidentId":21089,"idempotencyKey":"incident-21089","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:51.401481Z","receivedAt":"2026-05-15T20:53:51.430462Z"},{"id":4455,"fincertId":"FINCERT-2026-004455","incidentId":21087,"idempotencyKey":"incident-21087","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:51.357800Z","receivedAt":"2026-05-15T20:53:51.380118Z"},{"id":4454,"fincertId":"FINCERT-2026-004454","incidentId":21086,"idempotencyKey":"incident-21086","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:51.323341Z","receivedAt":"2026-05-15T20:53:51.348164Z"},{"id":4453,"fincertId":"FINCERT-2026-004453","incidentId":21085,"idempotencyKey":"incident-21085","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:51.293696Z","receivedAt":"2026-05-15T20:53:51.314426Z"},{"id":4452,"fincertId":"FINCERT-2026-004452","incidentId":21083,"idempotencyKey":"incident-21083","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:51.257208Z","receivedAt":"2026-05-15T20:53:51.269322Z"},{"id":4451,"fincertId":"FINCERT-2026-004451","incidentId":21080,"idempotencyKey":"incident-21080","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:51.198797Z","receivedAt":"2026-05-15T20:53:51.210290Z"},{"id":4450,"fincertId":"FINCERT-2026-004450","incidentId":21071,"idempotencyKey":"incident-21071","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:51.052385Z","receivedAt":"2026-05-15T20:53:51.064050Z"},{"id":4449,"fincertId":"FINCERT-2026-004449","incidentId":21063,"idempotencyKey":"incident-21063","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:50.916223Z","receivedAt":"2026-05-15T20:53:50.926924Z"},{"id":4448,"fincertId":"FINCERT-2026-004448","incidentId":21062,"idempotencyKey":"incident-21062","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:50.897631Z","receivedAt":"2026-05-15T20:53:50.910232Z"},{"id":4447,"fincertId":"FINCERT-2026-004447","incidentId":21061,"idempotencyKey":"incident-21061","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:50.881404Z","receivedAt":"2026-05-15T20:53:50.891517Z"},{"id":4446,"fincertId":"FINCERT-2026-004446","incidentId":21059,"idempotencyKey":"incident-21059","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:50.849117Z","receivedAt":"2026-05-15T20:53:50.862454Z"},{"id":4445,"fincertId":"FINCERT-2026-004445","incidentId":21051,"idempotencyKey":"incident-21051","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:50.684758Z","receivedAt":"2026-05-15T20:53:50.698458Z"},{"id":4444,"fincertId":"FINCERT-2026-004444","incidentId":21047,"idempotencyKey":"incident-21047","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:50.577509Z","receivedAt":"2026-05-15T20:53:50.594154Z"},{"id":4443,"fincertId":"FINCERT-2026-004443","incidentId":21046,"idempotencyKey":"incident-21046","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:50.550670Z","receivedAt":"2026-05-15T20:53:50.563910Z"},{"id":4442,"fincertId":"FINCERT-2026-004442","incidentId":21045,"idempotencyKey":"incident-21045","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:50.530824Z","receivedAt":"2026-05-15T20:53:50.543452Z"},{"id":4441,"fincertId":"FINCERT-2026-004441","incidentId":21041,"idempotencyKey":"incident-21041","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:50.415048Z","receivedAt":"2026-05-15T20:53:50.428583Z"},{"id":4440,"fincertId":"FINCERT-2026-004440","incidentId":21016,"idempotencyKey":"incident-21016","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:49.891299Z","receivedAt":"2026-05-15T20:53:49.911517Z"},{"id":4439,"fincertId":"FINCERT-2026-004439","incidentId":21015,"idempotencyKey":"incident-21015","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:49.863582Z","receivedAt":"2026-05-15T20:53:49.877346Z"},{"id":4438,"fincertId":"FINCERT-2026-004438","incidentId":21007,"idempotencyKey":"incident-21007","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:49.690739Z","receivedAt":"2026-05-15T20:53:49.706777Z"},{"id":4437,"fincertId":"FINCERT-2026-004437","incidentId":21002,"idempotencyKey":"incident-21002","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:49.574224Z","receivedAt":"2026-05-15T20:53:49.593369Z"},{"id":4436,"fincertId":"FINCERT-2026-004436","incidentId":20997,"idempotencyKey":"incident-20997","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:49.448027Z","receivedAt":"2026-05-15T20:53:49.469501Z"},{"id":4435,"fincertId":"FINCERT-2026-004435","incidentId":20993,"idempotencyKey":"incident-20993","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:49.355689Z","receivedAt":"2026-05-15T20:53:49.374213Z"},{"id":4434,"fincertId":"FINCERT-2026-004434","incidentId":20991,"idempotencyKey":"incident-20991","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:49.295624Z","receivedAt":"2026-05-15T20:53:49.316547Z"},{"id":4433,"fincertId":"FINCERT-2026-004433","incidentId":20989,"idempotencyKey":"incident-20989","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:49.256128Z","receivedAt":"2026-05-15T20:53:49.269428Z"},{"id":4432,"fincertId":"FINCERT-2026-004432","incidentId":20985,"idempotencyKey":"incident-20985","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:49.184395Z","receivedAt":"2026-05-15T20:53:49.197489Z"},{"id":4431,"fincertId":"FINCERT-2026-004431","incidentId":20983,"idempotencyKey":"incident-20983","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:49.124735Z","receivedAt":"2026-05-15T20:53:49.150573Z"},{"id":4430,"fincertId":"FINCERT-2026-004430","incidentId":20981,"idempotencyKey":"incident-20981","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:49.066784Z","receivedAt":"2026-05-15T20:53:49.091946Z"},{"id":4429,"fincertId":"FINCERT-2026-004429","incidentId":20966,"idempotencyKey":"incident-20966","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:48.705398Z","receivedAt":"2026-05-15T20:53:48.718455Z"},{"id":4428,"fincertId":"FINCERT-2026-004428","incidentId":20959,"idempotencyKey":"incident-20959","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:48.514159Z","receivedAt":"2026-05-15T20:53:48.540771Z"},{"id":4427,"fincertId":"FINCERT-2026-004427","incidentId":20957,"idempotencyKey":"incident-20957","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:48.443567Z","receivedAt":"2026-05-15T20:53:48.462226Z"},{"id":4426,"fincertId":"FINCERT-2026-004426","incidentId":20951,"idempotencyKey":"incident-20951","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:48.315468Z","receivedAt":"2026-05-15T20:53:48.343632Z"},{"id":4425,"fincertId":"FINCERT-2026-004425","incidentId":20949,"idempotencyKey":"incident-20949","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:48.270935Z","receivedAt":"2026-05-15T20:53:48.281982Z"},{"id":4424,"fincertId":"FINCERT-2026-004424","incidentId":20948,"idempotencyKey":"incident-20948","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:48.247358Z","receivedAt":"2026-05-15T20:53:48.258031Z"},{"id":4423,"fincertId":"FINCERT-2026-004423","incidentId":20945,"idempotencyKey":"incident-20945","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:48.198285Z","receivedAt":"2026-05-15T20:53:48.209867Z"},{"id":4422,"fincertId":"FINCERT-2026-004422","incidentId":20944,"idempotencyKey":"incident-20944","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:48.178573Z","receivedAt":"2026-05-15T20:53:48.191599Z"},{"id":4421,"fincertId":"FINCERT-2026-004421","incidentId":20943,"idempotencyKey":"incident-20943","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:48.154868Z","receivedAt":"2026-05-15T20:53:48.171571Z"},{"id":4420,"fincertId":"FINCERT-2026-004420","incidentId":20941,"idempotencyKey":"incident-20941","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:48.104780Z","receivedAt":"2026-05-15T20:53:48.121013Z"},{"id":4419,"fincertId":"FINCERT-2026-004419","incidentId":20937,"idempotencyKey":"incident-20937","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:48.025280Z","receivedAt":"2026-05-15T20:53:48.040679Z"},{"id":4418,"fincertId":"FINCERT-2026-004418","incidentId":20936,"idempotencyKey":"incident-20936","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:47.985767Z","receivedAt":"2026-05-15T20:53:48.014059Z"},{"id":4417,"fincertId":"FINCERT-2026-004417","incidentId":20934,"idempotencyKey":"incident-20934","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:47.936927Z","receivedAt":"2026-05-15T20:53:47.949162Z"},{"id":4416,"fincertId":"FINCERT-2026-004416","incidentId":20931,"idempotencyKey":"incident-20931","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:47.886831Z","receivedAt":"2026-05-15T20:53:47.900504Z"},{"id":4415,"fincertId":"FINCERT-2026-004415","incidentId":20926,"idempotencyKey":"incident-20926","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:47.778254Z","receivedAt":"2026-05-15T20:53:47.791752Z"},{"id":4414,"fincertId":"FINCERT-2026-004414","incidentId":20925,"idempotencyKey":"incident-20925","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:47.755566Z","receivedAt":"2026-05-15T20:53:47.769936Z"},{"id":4413,"fincertId":"FINCERT-2026-004413","incidentId":20921,"idempotencyKey":"incident-20921","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:47.672240Z","receivedAt":"2026-05-15T20:53:47.695927Z"},{"id":4412,"fincertId":"FINCERT-2026-004412","incidentId":20920,"idempotencyKey":"incident-20920","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:47.648343Z","receivedAt":"2026-05-15T20:53:47.664649Z"},{"id":4411,"fincertId":"FINCERT-2026-004411","incidentId":20919,"idempotencyKey":"incident-20919","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:47.611556Z","receivedAt":"2026-05-15T20:53:47.636065Z"},{"id":4410,"fincertId":"FINCERT-2026-004410","incidentId":20917,"idempotencyKey":"incident-20917","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:47.562693Z","receivedAt":"2026-05-15T20:53:47.575648Z"},{"id":4409,"fincertId":"FINCERT-2026-004409","incidentId":20914,"idempotencyKey":"incident-20914","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:47.456527Z","receivedAt":"2026-05-15T20:53:47.481532Z"},{"id":4408,"fincertId":"FINCERT-2026-004408","incidentId":20912,"idempotencyKey":"incident-20912","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:47.416458Z","receivedAt":"2026-05-15T20:53:47.427860Z"},{"id":4407,"fincertId":"FINCERT-2026-004407","incidentId":20911,"idempotencyKey":"incident-20911","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:47.385665Z","receivedAt":"2026-05-15T20:53:47.400301Z"},{"id":4406,"fincertId":"FINCERT-2026-004406","incidentId":20908,"idempotencyKey":"incident-20908","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:47.309904Z","receivedAt":"2026-05-15T20:53:47.339828Z"},{"id":4405,"fincertId":"FINCERT-2026-004405","incidentId":20906,"idempotencyKey":"incident-20906","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:47.264435Z","receivedAt":"2026-05-15T20:53:47.278131Z"},{"id":4404,"fincertId":"FINCERT-2026-004404","incidentId":20898,"idempotencyKey":"incident-20898","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:47.132341Z","receivedAt":"2026-05-15T20:53:47.149288Z"},{"id":4403,"fincertId":"FINCERT-2026-004403","incidentId":20896,"idempotencyKey":"incident-20896","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:47.076660Z","receivedAt":"2026-05-15T20:53:47.094774Z"},{"id":4402,"fincertId":"FINCERT-2026-004402","incidentId":20886,"idempotencyKey":"incident-20886","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:46.767689Z","receivedAt":"2026-05-15T20:53:46.792305Z"},{"id":4401,"fincertId":"FINCERT-2026-004401","incidentId":20882,"idempotencyKey":"incident-20882","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:46.693161Z","receivedAt":"2026-05-15T20:53:46.706508Z"},{"id":4400,"fincertId":"FINCERT-2026-004400","incidentId":20876,"idempotencyKey":"incident-20876","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:46.581593Z","receivedAt":"2026-05-15T20:53:46.595227Z"},{"id":4399,"fincertId":"FINCERT-2026-004399","incidentId":20875,"idempotencyKey":"incident-20875","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:46.561165Z","receivedAt":"2026-05-15T20:53:46.573693Z"},{"id":4398,"fincertId":"FINCERT-2026-004398","incidentId":20874,"idempotencyKey":"incident-20874","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:46.537375Z","receivedAt":"2026-05-15T20:53:46.548586Z"},{"id":4397,"fincertId":"FINCERT-2026-004397","incidentId":20868,"idempotencyKey":"incident-20868","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:46.425203Z","receivedAt":"2026-05-15T20:53:46.437968Z"},{"id":4396,"fincertId":"FINCERT-2026-004396","incidentId":20865,"idempotencyKey":"incident-20865","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:46.376166Z","receivedAt":"2026-05-15T20:53:46.388807Z"},{"id":4395,"fincertId":"FINCERT-2026-004395","incidentId":20862,"idempotencyKey":"incident-20862","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:46.324661Z","receivedAt":"2026-05-15T20:53:46.342160Z"},{"id":4394,"fincertId":"FINCERT-2026-004394","incidentId":20860,"idempotencyKey":"incident-20860","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:46.289465Z","receivedAt":"2026-05-15T20:53:46.301086Z"},{"id":4393,"fincertId":"FINCERT-2026-004393","incidentId":20858,"idempotencyKey":"incident-20858","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:46.251501Z","receivedAt":"2026-05-15T20:53:46.262468Z"},{"id":4392,"fincertId":"FINCERT-2026-004392","incidentId":20855,"idempotencyKey":"incident-20855","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:46.205493Z","receivedAt":"2026-05-15T20:53:46.217048Z"},{"id":4391,"fincertId":"FINCERT-2026-004391","incidentId":20853,"idempotencyKey":"incident-20853","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:46.173005Z","receivedAt":"2026-05-15T20:53:46.186467Z"},{"id":4390,"fincertId":"FINCERT-2026-004390","incidentId":20851,"idempotencyKey":"incident-20851","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:46.122954Z","receivedAt":"2026-05-15T20:53:46.149805Z"},{"id":4389,"fincertId":"FINCERT-2026-004389","incidentId":20844,"idempotencyKey":"incident-20844","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:46.012542Z","receivedAt":"2026-05-15T20:53:46.029377Z"},{"id":4388,"fincertId":"FINCERT-2026-004388","incidentId":20839,"idempotencyKey":"incident-20839","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:45.917541Z","receivedAt":"2026-05-15T20:53:45.928457Z"},{"id":4387,"fincertId":"FINCERT-2026-004387","incidentId":20838,"idempotencyKey":"incident-20838","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:45.893947Z","receivedAt":"2026-05-15T20:53:45.905404Z"},{"id":4386,"fincertId":"FINCERT-2026-004386","incidentId":20836,"idempotencyKey":"incident-20836","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:45.863155Z","receivedAt":"2026-05-15T20:53:45.874119Z"},{"id":4385,"fincertId":"FINCERT-2026-004385","incidentId":20829,"idempotencyKey":"incident-20829","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:45.746065Z","receivedAt":"2026-05-15T20:53:45.759315Z"},{"id":4384,"fincertId":"FINCERT-2026-004384","incidentId":20828,"idempotencyKey":"incident-20828","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:45.719859Z","receivedAt":"2026-05-15T20:53:45.733677Z"},{"id":4383,"fincertId":"FINCERT-2026-004383","incidentId":20826,"idempotencyKey":"incident-20826","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:45.687917Z","receivedAt":"2026-05-15T20:53:45.699803Z"},{"id":4382,"fincertId":"FINCERT-2026-004382","incidentId":20824,"idempotencyKey":"incident-20824","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:45.650712Z","receivedAt":"2026-05-15T20:53:45.669027Z"},{"id":4381,"fincertId":"FINCERT-2026-004381","incidentId":20823,"idempotencyKey":"incident-20823","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:45.599099Z","receivedAt":"2026-05-15T20:53:45.631825Z"},{"id":4380,"fincertId":"FINCERT-2026-004380","incidentId":20822,"idempotencyKey":"incident-20822","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:45.564697Z","receivedAt":"2026-05-15T20:53:45.583846Z"},{"id":4379,"fincertId":"FINCERT-2026-004379","incidentId":20820,"idempotencyKey":"incident-20820","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:45.528824Z","receivedAt":"2026-05-15T20:53:45.543671Z"},{"id":4378,"fincertId":"FINCERT-2026-004378","incidentId":20817,"idempotencyKey":"incident-20817","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:45.450594Z","receivedAt":"2026-05-15T20:53:45.469033Z"},{"id":4377,"fincertId":"FINCERT-2026-004377","incidentId":20816,"idempotencyKey":"incident-20816","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:45.431703Z","receivedAt":"2026-05-15T20:53:45.443924Z"},{"id":4376,"fincertId":"FINCERT-2026-004376","incidentId":20811,"idempotencyKey":"incident-20811","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:45.358722Z","receivedAt":"2026-05-15T20:53:45.369417Z"},{"id":4375,"fincertId":"FINCERT-2026-004375","incidentId":20808,"idempotencyKey":"incident-20808","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:45.306614Z","receivedAt":"2026-05-15T20:53:45.325529Z"},{"id":4374,"fincertId":"FINCERT-2026-004374","incidentId":20806,"idempotencyKey":"incident-20806","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:45.269077Z","receivedAt":"2026-05-15T20:53:45.279972Z"},{"id":4373,"fincertId":"FINCERT-2026-004373","incidentId":20802,"idempotencyKey":"incident-20802","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:45.199964Z","receivedAt":"2026-05-15T20:53:45.215877Z"},{"id":4372,"fincertId":"FINCERT-2026-004372","incidentId":20801,"idempotencyKey":"incident-20801","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:45.136166Z","receivedAt":"2026-05-15T20:53:45.189484Z"},{"id":4371,"fincertId":"FINCERT-2026-004371","incidentId":20800,"idempotencyKey":"incident-20800","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:45.107411Z","receivedAt":"2026-05-15T20:53:45.124651Z"},{"id":4370,"fincertId":"FINCERT-2026-004370","incidentId":20799,"idempotencyKey":"incident-20799","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:45.076877Z","receivedAt":"2026-05-15T20:53:45.089900Z"},{"id":4369,"fincertId":"FINCERT-2026-004369","incidentId":20798,"idempotencyKey":"incident-20798","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:45.040488Z","receivedAt":"2026-05-15T20:53:45.058876Z"},{"id":4368,"fincertId":"FINCERT-2026-004368","incidentId":20790,"idempotencyKey":"incident-20790","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:44.846965Z","receivedAt":"2026-05-15T20:53:44.871459Z"},{"id":4367,"fincertId":"FINCERT-2026-004367","incidentId":20787,"idempotencyKey":"incident-20787","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:44.757470Z","receivedAt":"2026-05-15T20:53:44.776018Z"},{"id":4366,"fincertId":"FINCERT-2026-004366","incidentId":20775,"idempotencyKey":"incident-20775","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:44.523043Z","receivedAt":"2026-05-15T20:53:44.543410Z"},{"id":4365,"fincertId":"FINCERT-2026-004365","incidentId":20773,"idempotencyKey":"incident-20773","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:44.437407Z","receivedAt":"2026-05-15T20:53:44.453476Z"},{"id":4364,"fincertId":"FINCERT-2026-004364","incidentId":20768,"idempotencyKey":"incident-20768","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:44.320381Z","receivedAt":"2026-05-15T20:53:44.344996Z"},{"id":4363,"fincertId":"FINCERT-2026-004363","incidentId":20764,"idempotencyKey":"incident-20764","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:44.253414Z","receivedAt":"2026-05-15T20:53:44.265107Z"},{"id":4362,"fincertId":"FINCERT-2026-004362","incidentId":20763,"idempotencyKey":"incident-20763","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:44.234348Z","receivedAt":"2026-05-15T20:53:44.246999Z"},{"id":4361,"fincertId":"FINCERT-2026-004361","incidentId":20757,"idempotencyKey":"incident-20757","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:44.135968Z","receivedAt":"2026-05-15T20:53:44.153692Z"},{"id":4360,"fincertId":"FINCERT-2026-004360","incidentId":20752,"idempotencyKey":"incident-20752","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:44.039898Z","receivedAt":"2026-05-15T20:53:44.054854Z"},{"id":4359,"fincertId":"FINCERT-2026-004359","incidentId":20749,"idempotencyKey":"incident-20749","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:43.975317Z","receivedAt":"2026-05-15T20:53:43.997227Z"},{"id":4358,"fincertId":"FINCERT-2026-004358","incidentId":20739,"idempotencyKey":"incident-20739","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:43.808097Z","receivedAt":"2026-05-15T20:53:43.828358Z"},{"id":4357,"fincertId":"FINCERT-2026-004357","incidentId":20737,"idempotencyKey":"incident-20737","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:43.772959Z","receivedAt":"2026-05-15T20:53:43.785598Z"},{"id":4356,"fincertId":"FINCERT-2026-004356","incidentId":20736,"idempotencyKey":"incident-20736","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:43.754515Z","receivedAt":"2026-05-15T20:53:43.766098Z"},{"id":4355,"fincertId":"FINCERT-2026-004355","incidentId":20733,"idempotencyKey":"incident-20733","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:43.707096Z","receivedAt":"2026-05-15T20:53:43.717923Z"},{"id":4354,"fincertId":"FINCERT-2026-004354","incidentId":20732,"idempotencyKey":"incident-20732","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:43.680820Z","receivedAt":"2026-05-15T20:53:43.696947Z"},{"id":4353,"fincertId":"FINCERT-2026-004353","incidentId":20726,"idempotencyKey":"incident-20726","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:43.556897Z","receivedAt":"2026-05-15T20:53:43.567757Z"},{"id":4352,"fincertId":"FINCERT-2026-004352","incidentId":20721,"idempotencyKey":"incident-20721","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:43.434613Z","receivedAt":"2026-05-15T20:53:43.448436Z"},{"id":4351,"fincertId":"FINCERT-2026-004351","incidentId":20720,"idempotencyKey":"incident-20720","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:43.406766Z","receivedAt":"2026-05-15T20:53:43.420053Z"},{"id":4350,"fincertId":"FINCERT-2026-004350","incidentId":20717,"idempotencyKey":"incident-20717","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:43.339902Z","receivedAt":"2026-05-15T20:53:43.359123Z"},{"id":4349,"fincertId":"FINCERT-2026-004349","incidentId":20711,"idempotencyKey":"incident-20711","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:43.194914Z","receivedAt":"2026-05-15T20:53:43.208844Z"},{"id":4348,"fincertId":"FINCERT-2026-004348","incidentId":20710,"idempotencyKey":"incident-20710","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:43.156589Z","receivedAt":"2026-05-15T20:53:43.176572Z"},{"id":4347,"fincertId":"FINCERT-2026-004347","incidentId":20708,"idempotencyKey":"incident-20708","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:43.095849Z","receivedAt":"2026-05-15T20:53:43.118059Z"},{"id":4346,"fincertId":"FINCERT-2026-004346","incidentId":20704,"idempotencyKey":"incident-20704","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:42.949841Z","receivedAt":"2026-05-15T20:53:42.981964Z"},{"id":4345,"fincertId":"FINCERT-2026-004345","incidentId":20702,"idempotencyKey":"incident-20702","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:42.911680Z","receivedAt":"2026-05-15T20:53:42.924164Z"},{"id":4344,"fincertId":"FINCERT-2026-004344","incidentId":20696,"idempotencyKey":"incident-20696","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:42.800952Z","receivedAt":"2026-05-15T20:53:42.822110Z"},{"id":4343,"fincertId":"FINCERT-2026-004343","incidentId":20694,"idempotencyKey":"incident-20694","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:42.768832Z","receivedAt":"2026-05-15T20:53:42.780902Z"},{"id":4342,"fincertId":"FINCERT-2026-004342","incidentId":20692,"idempotencyKey":"incident-20692","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:42.717Z","receivedAt":"2026-05-15T20:53:42.734993Z"},{"id":4341,"fincertId":"FINCERT-2026-004341","incidentId":20689,"idempotencyKey":"incident-20689","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:42.616110Z","receivedAt":"2026-05-15T20:53:42.650030Z"},{"id":4340,"fincertId":"FINCERT-2026-004340","incidentId":20688,"idempotencyKey":"incident-20688","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:42.566558Z","receivedAt":"2026-05-15T20:53:42.595530Z"},{"id":4339,"fincertId":"FINCERT-2026-004339","incidentId":20685,"idempotencyKey":"incident-20685","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:42.508678Z","receivedAt":"2026-05-15T20:53:42.527445Z"},{"id":4338,"fincertId":"FINCERT-2026-004338","incidentId":20683,"idempotencyKey":"incident-20683","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:42.456561Z","receivedAt":"2026-05-15T20:53:42.477141Z"},{"id":4337,"fincertId":"FINCERT-2026-004337","incidentId":20681,"idempotencyKey":"incident-20681","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:42.420904Z","receivedAt":"2026-05-15T20:53:42.433499Z"},{"id":4336,"fincertId":"FINCERT-2026-004336","incidentId":20680,"idempotencyKey":"incident-20680","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:42.396805Z","receivedAt":"2026-05-15T20:53:42.412456Z"},{"id":4335,"fincertId":"FINCERT-2026-004335","incidentId":20673,"idempotencyKey":"incident-20673","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:42.237812Z","receivedAt":"2026-05-15T20:53:42.251816Z"},{"id":4334,"fincertId":"FINCERT-2026-004334","incidentId":20668,"idempotencyKey":"incident-20668","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:42.062744Z","receivedAt":"2026-05-15T20:53:42.081135Z"},{"id":4333,"fincertId":"FINCERT-2026-004333","incidentId":20666,"idempotencyKey":"incident-20666","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:41.978895Z","receivedAt":"2026-05-15T20:53:42.000695Z"},{"id":4332,"fincertId":"FINCERT-2026-004332","incidentId":20663,"idempotencyKey":"incident-20663","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.928074Z","receivedAt":"2026-05-15T20:53:41.938882Z"},{"id":4331,"fincertId":"FINCERT-2026-004331","incidentId":20658,"idempotencyKey":"incident-20658","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.838473Z","receivedAt":"2026-05-15T20:53:41.864761Z"},{"id":4330,"fincertId":"FINCERT-2026-004330","incidentId":20657,"idempotencyKey":"incident-20657","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.801152Z","receivedAt":"2026-05-15T20:53:41.823700Z"},{"id":4329,"fincertId":"FINCERT-2026-004329","incidentId":20655,"idempotencyKey":"incident-20655","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.763473Z","receivedAt":"2026-05-15T20:53:41.781420Z"},{"id":4328,"fincertId":"FINCERT-2026-004328","incidentId":20654,"idempotencyKey":"incident-20654","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:41.721524Z","receivedAt":"2026-05-15T20:53:41.735625Z"},{"id":4327,"fincertId":"FINCERT-2026-004327","incidentId":20652,"idempotencyKey":"incident-20652","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.677560Z","receivedAt":"2026-05-15T20:53:41.693701Z"},{"id":4326,"fincertId":"FINCERT-2026-004326","incidentId":20648,"idempotencyKey":"incident-20648","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:41.584127Z","receivedAt":"2026-05-15T20:53:41.596770Z"},{"id":4325,"fincertId":"FINCERT-2026-004325","incidentId":20646,"idempotencyKey":"incident-20646","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:41.544105Z","receivedAt":"2026-05-15T20:53:41.556335Z"},{"id":4324,"fincertId":"FINCERT-2026-004324","incidentId":20645,"idempotencyKey":"incident-20645","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.528076Z","receivedAt":"2026-05-15T20:53:41.538773Z"},{"id":4323,"fincertId":"FINCERT-2026-004323","incidentId":20643,"idempotencyKey":"incident-20643","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:41.496194Z","receivedAt":"2026-05-15T20:53:41.509717Z"},{"id":4322,"fincertId":"FINCERT-2026-004322","incidentId":20642,"idempotencyKey":"incident-20642","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.470059Z","receivedAt":"2026-05-15T20:53:41.488513Z"},{"id":4321,"fincertId":"FINCERT-2026-004321","incidentId":20641,"idempotencyKey":"incident-20641","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.447538Z","receivedAt":"2026-05-15T20:53:41.461970Z"},{"id":4320,"fincertId":"FINCERT-2026-004320","incidentId":20640,"idempotencyKey":"incident-20640","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.428533Z","receivedAt":"2026-05-15T20:53:41.440468Z"},{"id":4319,"fincertId":"FINCERT-2026-004319","incidentId":20638,"idempotencyKey":"incident-20638","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:41.399122Z","receivedAt":"2026-05-15T20:53:41.409563Z"},{"id":4318,"fincertId":"FINCERT-2026-004318","incidentId":20634,"idempotencyKey":"incident-20634","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:41.339448Z","receivedAt":"2026-05-15T20:53:41.351085Z"},{"id":4317,"fincertId":"FINCERT-2026-004317","incidentId":20632,"idempotencyKey":"incident-20632","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:41.297786Z","receivedAt":"2026-05-15T20:53:41.311094Z"},{"id":4316,"fincertId":"FINCERT-2026-004316","incidentId":20627,"idempotencyKey":"incident-20627","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:41.194580Z","receivedAt":"2026-05-15T20:53:41.206649Z"},{"id":4315,"fincertId":"FINCERT-2026-004315","incidentId":20626,"idempotencyKey":"incident-20626","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:41.170002Z","receivedAt":"2026-05-15T20:53:41.187520Z"},{"id":4314,"fincertId":"FINCERT-2026-004314","incidentId":20624,"idempotencyKey":"incident-20624","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:41.095650Z","receivedAt":"2026-05-15T20:53:41.110088Z"},{"id":4313,"fincertId":"FINCERT-2026-004313","incidentId":20623,"idempotencyKey":"incident-20623","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:41.058221Z","receivedAt":"2026-05-15T20:53:41.086149Z"},{"id":4312,"fincertId":"FINCERT-2026-004312","incidentId":20620,"idempotencyKey":"incident-20620","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:40.989129Z","receivedAt":"2026-05-15T20:53:41.012772Z"},{"id":4311,"fincertId":"FINCERT-2026-004311","incidentId":20613,"idempotencyKey":"incident-20613","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:40.831403Z","receivedAt":"2026-05-15T20:53:40.857208Z"},{"id":4310,"fincertId":"FINCERT-2026-004310","incidentId":20611,"idempotencyKey":"incident-20611","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:40.785541Z","receivedAt":"2026-05-15T20:53:40.797590Z"},{"id":4309,"fincertId":"FINCERT-2026-004309","incidentId":20609,"idempotencyKey":"incident-20609","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:40.747864Z","receivedAt":"2026-05-15T20:53:40.761782Z"},{"id":4308,"fincertId":"FINCERT-2026-004308","incidentId":20605,"idempotencyKey":"incident-20605","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:40.678868Z","receivedAt":"2026-05-15T20:53:40.693884Z"},{"id":4307,"fincertId":"FINCERT-2026-004307","incidentId":20602,"idempotencyKey":"incident-20602","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:40.631770Z","receivedAt":"2026-05-15T20:53:40.645071Z"},{"id":4306,"fincertId":"FINCERT-2026-004306","incidentId":20599,"idempotencyKey":"incident-20599","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:40.575878Z","receivedAt":"2026-05-15T20:53:40.591495Z"},{"id":4305,"fincertId":"FINCERT-2026-004305","incidentId":20598,"idempotencyKey":"incident-20598","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:40.558536Z","receivedAt":"2026-05-15T20:53:40.570070Z"},{"id":4304,"fincertId":"FINCERT-2026-004304","incidentId":20596,"idempotencyKey":"incident-20596","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:40.528605Z","receivedAt":"2026-05-15T20:53:40.539761Z"},{"id":4303,"fincertId":"FINCERT-2026-004303","incidentId":20593,"idempotencyKey":"incident-20593","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:40.451602Z","receivedAt":"2026-05-15T20:53:40.477024Z"},{"id":4302,"fincertId":"FINCERT-2026-004302","incidentId":20587,"idempotencyKey":"incident-20587","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:40.284381Z","receivedAt":"2026-05-15T20:53:40.297092Z"},{"id":4301,"fincertId":"FINCERT-2026-004301","incidentId":20585,"idempotencyKey":"incident-20585","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:40.251291Z","receivedAt":"2026-05-15T20:53:40.263360Z"},{"id":4300,"fincertId":"FINCERT-2026-004300","incidentId":20577,"idempotencyKey":"incident-20577","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:40.107613Z","receivedAt":"2026-05-15T20:53:40.133943Z"},{"id":4299,"fincertId":"FINCERT-2026-004299","incidentId":20575,"idempotencyKey":"incident-20575","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:40.053849Z","receivedAt":"2026-05-15T20:53:40.067037Z"},{"id":4298,"fincertId":"FINCERT-2026-004298","incidentId":20573,"idempotencyKey":"incident-20573","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:40.016638Z","receivedAt":"2026-05-15T20:53:40.030819Z"},{"id":4297,"fincertId":"FINCERT-2026-004297","incidentId":20571,"idempotencyKey":"incident-20571","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:39.978574Z","receivedAt":"2026-05-15T20:53:39.994427Z"},{"id":4296,"fincertId":"FINCERT-2026-004296","incidentId":20569,"idempotencyKey":"incident-20569","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:39.937066Z","receivedAt":"2026-05-15T20:53:39.950755Z"},{"id":4295,"fincertId":"FINCERT-2026-004295","incidentId":20567,"idempotencyKey":"incident-20567","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:39.900947Z","receivedAt":"2026-05-15T20:53:39.914357Z"},{"id":4294,"fincertId":"FINCERT-2026-004294","incidentId":20565,"idempotencyKey":"incident-20565","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:39.854622Z","receivedAt":"2026-05-15T20:53:39.877146Z"},{"id":4293,"fincertId":"FINCERT-2026-004293","incidentId":20559,"idempotencyKey":"incident-20559","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:39.725894Z","receivedAt":"2026-05-15T20:53:39.737596Z"},{"id":4292,"fincertId":"FINCERT-2026-004292","incidentId":20546,"idempotencyKey":"incident-20546","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:39.492292Z","receivedAt":"2026-05-15T20:53:39.514912Z"},{"id":4291,"fincertId":"FINCERT-2026-004291","incidentId":20542,"idempotencyKey":"incident-20542","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:39.390837Z","receivedAt":"2026-05-15T20:53:39.403946Z"},{"id":4290,"fincertId":"FINCERT-2026-004290","incidentId":20541,"idempotencyKey":"incident-20541","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:39.369928Z","receivedAt":"2026-05-15T20:53:39.384068Z"},{"id":4289,"fincertId":"FINCERT-2026-004289","incidentId":20540,"idempotencyKey":"incident-20540","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:39.337305Z","receivedAt":"2026-05-15T20:53:39.360941Z"},{"id":4288,"fincertId":"FINCERT-2026-004288","incidentId":20532,"idempotencyKey":"incident-20532","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:39.176191Z","receivedAt":"2026-05-15T20:53:39.192949Z"},{"id":4287,"fincertId":"FINCERT-2026-004287","incidentId":20531,"idempotencyKey":"incident-20531","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:39.153600Z","receivedAt":"2026-05-15T20:53:39.169552Z"},{"id":4286,"fincertId":"FINCERT-2026-004286","incidentId":20530,"idempotencyKey":"incident-20530","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:39.124282Z","receivedAt":"2026-05-15T20:53:39.146010Z"},{"id":4285,"fincertId":"FINCERT-2026-004285","incidentId":20525,"idempotencyKey":"incident-20525","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:38.962349Z","receivedAt":"2026-05-15T20:53:38.986429Z"},{"id":4284,"fincertId":"FINCERT-2026-004284","incidentId":20524,"idempotencyKey":"incident-20524","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:38.941952Z","receivedAt":"2026-05-15T20:53:38.954809Z"},{"id":4283,"fincertId":"FINCERT-2026-004283","incidentId":20523,"idempotencyKey":"incident-20523","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:38.921451Z","receivedAt":"2026-05-15T20:53:38.935206Z"},{"id":4282,"fincertId":"FINCERT-2026-004282","incidentId":20514,"idempotencyKey":"incident-20514","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:38.750104Z","receivedAt":"2026-05-15T20:53:38.764342Z"},{"id":4281,"fincertId":"FINCERT-2026-004281","incidentId":20511,"idempotencyKey":"incident-20511","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:38.689985Z","receivedAt":"2026-05-15T20:53:38.703944Z"},{"id":4280,"fincertId":"FINCERT-2026-004280","incidentId":20509,"idempotencyKey":"incident-20509","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:38.654917Z","receivedAt":"2026-05-15T20:53:38.667749Z"},{"id":4279,"fincertId":"FINCERT-2026-004279","incidentId":20503,"idempotencyKey":"incident-20503","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:38.553360Z","receivedAt":"2026-05-15T20:53:38.565762Z"},{"id":4278,"fincertId":"FINCERT-2026-004278","incidentId":20497,"idempotencyKey":"incident-20497","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:38.432381Z","receivedAt":"2026-05-15T20:53:38.446923Z"},{"id":4277,"fincertId":"FINCERT-2026-004277","incidentId":20484,"idempotencyKey":"incident-20484","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:38.143907Z","receivedAt":"2026-05-15T20:53:38.156438Z"},{"id":4276,"fincertId":"FINCERT-2026-004276","incidentId":20483,"idempotencyKey":"incident-20483","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:38.115093Z","receivedAt":"2026-05-15T20:53:38.134682Z"},{"id":4275,"fincertId":"FINCERT-2026-004275","incidentId":20479,"idempotencyKey":"incident-20479","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:38.040927Z","receivedAt":"2026-05-15T20:53:38.056255Z"},{"id":4274,"fincertId":"FINCERT-2026-004274","incidentId":20476,"idempotencyKey":"incident-20476","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:37.941124Z","receivedAt":"2026-05-15T20:53:37.959140Z"},{"id":4273,"fincertId":"FINCERT-2026-004273","incidentId":20473,"idempotencyKey":"incident-20473","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:37.864820Z","receivedAt":"2026-05-15T20:53:37.900829Z"},{"id":4272,"fincertId":"FINCERT-2026-004272","incidentId":20470,"idempotencyKey":"incident-20470","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:37.771493Z","receivedAt":"2026-05-15T20:53:37.787464Z"},{"id":4271,"fincertId":"FINCERT-2026-004271","incidentId":20469,"idempotencyKey":"incident-20469","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:37.747722Z","receivedAt":"2026-05-15T20:53:37.763505Z"},{"id":4270,"fincertId":"FINCERT-2026-004270","incidentId":20465,"idempotencyKey":"incident-20465","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:37.657598Z","receivedAt":"2026-05-15T20:53:37.684362Z"},{"id":4269,"fincertId":"FINCERT-2026-004269","incidentId":20460,"idempotencyKey":"incident-20460","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:37.543396Z","receivedAt":"2026-05-15T20:53:37.556073Z"},{"id":4268,"fincertId":"FINCERT-2026-004268","incidentId":20456,"idempotencyKey":"incident-20456","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:37.473829Z","receivedAt":"2026-05-15T20:53:37.493998Z"},{"id":4267,"fincertId":"FINCERT-2026-004267","incidentId":20455,"idempotencyKey":"incident-20455","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:37.437876Z","receivedAt":"2026-05-15T20:53:37.448483Z"},{"id":4266,"fincertId":"FINCERT-2026-004266","incidentId":20450,"idempotencyKey":"incident-20450","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:37.363513Z","receivedAt":"2026-05-15T20:53:37.375899Z"},{"id":4265,"fincertId":"FINCERT-2026-004265","incidentId":20449,"idempotencyKey":"incident-20449","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:37.342299Z","receivedAt":"2026-05-15T20:53:37.356472Z"},{"id":4264,"fincertId":"FINCERT-2026-004264","incidentId":20444,"idempotencyKey":"incident-20444","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:37.255567Z","receivedAt":"2026-05-15T20:53:37.267223Z"},{"id":4263,"fincertId":"FINCERT-2026-004263","incidentId":20438,"idempotencyKey":"incident-20438","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:37.164549Z","receivedAt":"2026-05-15T20:53:37.176760Z"},{"id":4262,"fincertId":"FINCERT-2026-004262","incidentId":20435,"idempotencyKey":"incident-20435","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:37.094030Z","receivedAt":"2026-05-15T20:53:37.108739Z"},{"id":4261,"fincertId":"FINCERT-2026-004261","incidentId":20433,"idempotencyKey":"incident-20433","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:37.053689Z","receivedAt":"2026-05-15T20:53:37.069789Z"},{"id":4260,"fincertId":"FINCERT-2026-004260","incidentId":20427,"idempotencyKey":"incident-20427","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:36.925567Z","receivedAt":"2026-05-15T20:53:36.939653Z"},{"id":4259,"fincertId":"FINCERT-2026-004259","incidentId":20426,"idempotencyKey":"incident-20426","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:36.902943Z","receivedAt":"2026-05-15T20:53:36.917459Z"},{"id":4258,"fincertId":"FINCERT-2026-004258","incidentId":20419,"idempotencyKey":"incident-20419","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:36.777687Z","receivedAt":"2026-05-15T20:53:36.788727Z"},{"id":4257,"fincertId":"FINCERT-2026-004257","incidentId":20414,"idempotencyKey":"incident-20414","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:36.697897Z","receivedAt":"2026-05-15T20:53:36.710467Z"},{"id":4256,"fincertId":"FINCERT-2026-004256","incidentId":20413,"idempotencyKey":"incident-20413","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:36.677964Z","receivedAt":"2026-05-15T20:53:36.690997Z"},{"id":4255,"fincertId":"FINCERT-2026-004255","incidentId":20406,"idempotencyKey":"incident-20406","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:36.420455Z","receivedAt":"2026-05-15T20:53:36.443735Z"},{"id":4254,"fincertId":"FINCERT-2026-004254","incidentId":20400,"idempotencyKey":"incident-20400","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:36.297737Z","receivedAt":"2026-05-15T20:53:36.318356Z"},{"id":4253,"fincertId":"FINCERT-2026-004253","incidentId":20397,"idempotencyKey":"incident-20397","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:36.240784Z","receivedAt":"2026-05-15T20:53:36.255414Z"},{"id":4252,"fincertId":"FINCERT-2026-004252","incidentId":20395,"idempotencyKey":"incident-20395","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:36.196211Z","receivedAt":"2026-05-15T20:53:36.210588Z"},{"id":4251,"fincertId":"FINCERT-2026-004251","incidentId":20385,"idempotencyKey":"incident-20385","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:36.008043Z","receivedAt":"2026-05-15T20:53:36.023472Z"},{"id":4250,"fincertId":"FINCERT-2026-004250","incidentId":20383,"idempotencyKey":"incident-20383","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:35.963630Z","receivedAt":"2026-05-15T20:53:35.984733Z"},{"id":4249,"fincertId":"FINCERT-2026-004249","incidentId":20381,"idempotencyKey":"incident-20381","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:35.924370Z","receivedAt":"2026-05-15T20:53:35.936429Z"},{"id":4248,"fincertId":"FINCERT-2026-004248","incidentId":20378,"idempotencyKey":"incident-20378","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:35.874702Z","receivedAt":"2026-05-15T20:53:35.885526Z"},{"id":4247,"fincertId":"FINCERT-2026-004247","incidentId":20372,"idempotencyKey":"incident-20372","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:35.755947Z","receivedAt":"2026-05-15T20:53:35.770749Z"},{"id":4246,"fincertId":"FINCERT-2026-004246","incidentId":20366,"idempotencyKey":"incident-20366","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:35.596130Z","receivedAt":"2026-05-15T20:53:35.618019Z"},{"id":4245,"fincertId":"FINCERT-2026-004245","incidentId":20357,"idempotencyKey":"incident-20357","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:35.429516Z","receivedAt":"2026-05-15T20:53:35.441483Z"},{"id":4244,"fincertId":"FINCERT-2026-004244","incidentId":20356,"idempotencyKey":"incident-20356","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:35.410483Z","receivedAt":"2026-05-15T20:53:35.422559Z"},{"id":4243,"fincertId":"FINCERT-2026-004243","incidentId":20355,"idempotencyKey":"incident-20355","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:35.391508Z","receivedAt":"2026-05-15T20:53:35.403562Z"},{"id":4242,"fincertId":"FINCERT-2026-004242","incidentId":20354,"idempotencyKey":"incident-20354","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:35.365380Z","receivedAt":"2026-05-15T20:53:35.378060Z"},{"id":4241,"fincertId":"FINCERT-2026-004241","incidentId":20353,"idempotencyKey":"incident-20353","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:35.332659Z","receivedAt":"2026-05-15T20:53:35.354613Z"},{"id":4240,"fincertId":"FINCERT-2026-004240","incidentId":20352,"idempotencyKey":"incident-20352","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:35.295557Z","receivedAt":"2026-05-15T20:53:35.319776Z"},{"id":4239,"fincertId":"FINCERT-2026-004239","incidentId":20351,"idempotencyKey":"incident-20351","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:35.276021Z","receivedAt":"2026-05-15T20:53:35.288978Z"},{"id":4238,"fincertId":"FINCERT-2026-004238","incidentId":20350,"idempotencyKey":"incident-20350","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:35.256021Z","receivedAt":"2026-05-15T20:53:35.268297Z"},{"id":4237,"fincertId":"FINCERT-2026-004237","incidentId":20349,"idempotencyKey":"incident-20349","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:35.236449Z","receivedAt":"2026-05-15T20:53:35.249435Z"},{"id":4236,"fincertId":"FINCERT-2026-004236","incidentId":20348,"idempotencyKey":"incident-20348","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:35.209494Z","receivedAt":"2026-05-15T20:53:35.224931Z"},{"id":4235,"fincertId":"FINCERT-2026-004235","incidentId":20347,"idempotencyKey":"incident-20347","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:35.182740Z","receivedAt":"2026-05-15T20:53:35.195361Z"},{"id":4234,"fincertId":"FINCERT-2026-004234","incidentId":20343,"idempotencyKey":"incident-20343","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:35.108757Z","receivedAt":"2026-05-15T20:53:35.131029Z"},{"id":4233,"fincertId":"FINCERT-2026-004233","incidentId":20342,"idempotencyKey":"incident-20342","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:35.081357Z","receivedAt":"2026-05-15T20:53:35.094761Z"},{"id":4232,"fincertId":"FINCERT-2026-004232","incidentId":20340,"idempotencyKey":"incident-20340","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:35.045416Z","receivedAt":"2026-05-15T20:53:35.059020Z"},{"id":4231,"fincertId":"FINCERT-2026-004231","incidentId":20336,"idempotencyKey":"incident-20336","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:34.969136Z","receivedAt":"2026-05-15T20:53:34.987029Z"},{"id":4230,"fincertId":"FINCERT-2026-004230","incidentId":20335,"idempotencyKey":"incident-20335","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:34.943416Z","receivedAt":"2026-05-15T20:53:34.959751Z"},{"id":4229,"fincertId":"FINCERT-2026-004229","incidentId":20334,"idempotencyKey":"incident-20334","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:34.909710Z","receivedAt":"2026-05-15T20:53:34.929076Z"},{"id":4228,"fincertId":"FINCERT-2026-004228","incidentId":20324,"idempotencyKey":"incident-20324","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:34.681800Z","receivedAt":"2026-05-15T20:53:34.694821Z"},{"id":4227,"fincertId":"FINCERT-2026-004227","incidentId":20322,"idempotencyKey":"incident-20322","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:34.628586Z","receivedAt":"2026-05-15T20:53:34.649065Z"},{"id":4226,"fincertId":"FINCERT-2026-004226","incidentId":20317,"idempotencyKey":"incident-20317","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:34.498988Z","receivedAt":"2026-05-15T20:53:34.518702Z"},{"id":4225,"fincertId":"FINCERT-2026-004225","incidentId":20316,"idempotencyKey":"incident-20316","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:34.470143Z","receivedAt":"2026-05-15T20:53:34.491087Z"},{"id":4224,"fincertId":"FINCERT-2026-004224","incidentId":20311,"idempotencyKey":"incident-20311","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:34.261209Z","receivedAt":"2026-05-15T20:53:34.278418Z"},{"id":4223,"fincertId":"FINCERT-2026-004223","incidentId":20310,"idempotencyKey":"incident-20310","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:34.234382Z","receivedAt":"2026-05-15T20:53:34.253564Z"},{"id":4222,"fincertId":"FINCERT-2026-004222","incidentId":20307,"idempotencyKey":"incident-20307","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:34.178743Z","receivedAt":"2026-05-15T20:53:34.193218Z"},{"id":4221,"fincertId":"FINCERT-2026-004221","incidentId":20306,"idempotencyKey":"incident-20306","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:34.145793Z","receivedAt":"2026-05-15T20:53:34.169988Z"},{"id":4220,"fincertId":"FINCERT-2026-004220","incidentId":20298,"idempotencyKey":"incident-20298","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:33.966318Z","receivedAt":"2026-05-15T20:53:33.995548Z"},{"id":4219,"fincertId":"FINCERT-2026-004219","incidentId":20297,"idempotencyKey":"incident-20297","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:33.943780Z","receivedAt":"2026-05-15T20:53:33.959140Z"},{"id":4218,"fincertId":"FINCERT-2026-004218","incidentId":20296,"idempotencyKey":"incident-20296","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:33.919380Z","receivedAt":"2026-05-15T20:53:33.930060Z"},{"id":4217,"fincertId":"FINCERT-2026-004217","incidentId":20295,"idempotencyKey":"incident-20295","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:33.899852Z","receivedAt":"2026-05-15T20:53:33.913319Z"},{"id":4216,"fincertId":"FINCERT-2026-004216","incidentId":20290,"idempotencyKey":"incident-20290","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:33.794134Z","receivedAt":"2026-05-15T20:53:33.815064Z"},{"id":4215,"fincertId":"FINCERT-2026-004215","incidentId":20285,"idempotencyKey":"incident-20285","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:33.705024Z","receivedAt":"2026-05-15T20:53:33.724595Z"},{"id":4214,"fincertId":"FINCERT-2026-004214","incidentId":20284,"idempotencyKey":"incident-20284","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:33.667345Z","receivedAt":"2026-05-15T20:53:33.686606Z"},{"id":4213,"fincertId":"FINCERT-2026-004213","incidentId":20283,"idempotencyKey":"incident-20283","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:33.620383Z","receivedAt":"2026-05-15T20:53:33.644247Z"},{"id":4212,"fincertId":"FINCERT-2026-004212","incidentId":20282,"idempotencyKey":"incident-20282","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:33.594722Z","receivedAt":"2026-05-15T20:53:33.611105Z"},{"id":4211,"fincertId":"FINCERT-2026-004211","incidentId":20277,"idempotencyKey":"incident-20277","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:33.513724Z","receivedAt":"2026-05-15T20:53:33.529579Z"},{"id":4210,"fincertId":"FINCERT-2026-004210","incidentId":20274,"idempotencyKey":"incident-20274","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:33.443068Z","receivedAt":"2026-05-15T20:53:33.456969Z"},{"id":4209,"fincertId":"FINCERT-2026-004209","incidentId":20270,"idempotencyKey":"incident-20270","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:33.374163Z","receivedAt":"2026-05-15T20:53:33.388225Z"},{"id":4208,"fincertId":"FINCERT-2026-004208","incidentId":20269,"idempotencyKey":"incident-20269","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:33.348059Z","receivedAt":"2026-05-15T20:53:33.368659Z"},{"id":4207,"fincertId":"FINCERT-2026-004207","incidentId":20259,"idempotencyKey":"incident-20259","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:32.992661Z","receivedAt":"2026-05-15T20:53:33.017235Z"},{"id":4206,"fincertId":"FINCERT-2026-004206","incidentId":20258,"idempotencyKey":"incident-20258","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:32.959406Z","receivedAt":"2026-05-15T20:53:32.978995Z"},{"id":4205,"fincertId":"FINCERT-2026-004205","incidentId":20257,"idempotencyKey":"incident-20257","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:32.938220Z","receivedAt":"2026-05-15T20:53:32.951482Z"},{"id":4204,"fincertId":"FINCERT-2026-004204","incidentId":20253,"idempotencyKey":"incident-20253","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:32.865893Z","receivedAt":"2026-05-15T20:53:32.878250Z"},{"id":4203,"fincertId":"FINCERT-2026-004203","incidentId":20252,"idempotencyKey":"incident-20252","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:32.821128Z","receivedAt":"2026-05-15T20:53:32.854063Z"},{"id":4202,"fincertId":"FINCERT-2026-004202","incidentId":20249,"idempotencyKey":"incident-20249","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:32.765473Z","receivedAt":"2026-05-15T20:53:32.778694Z"},{"id":4201,"fincertId":"FINCERT-2026-004201","incidentId":20247,"idempotencyKey":"incident-20247","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:32.728803Z","receivedAt":"2026-05-15T20:53:32.742525Z"},{"id":4200,"fincertId":"FINCERT-2026-004200","incidentId":20244,"idempotencyKey":"incident-20244","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:32.675952Z","receivedAt":"2026-05-15T20:53:32.690009Z"},{"id":4199,"fincertId":"FINCERT-2026-004199","incidentId":20241,"idempotencyKey":"incident-20241","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:32.619738Z","receivedAt":"2026-05-15T20:53:32.636973Z"},{"id":4198,"fincertId":"FINCERT-2026-004198","incidentId":20239,"idempotencyKey":"incident-20239","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:32.573033Z","receivedAt":"2026-05-15T20:53:32.588022Z"},{"id":4197,"fincertId":"FINCERT-2026-004197","incidentId":20237,"idempotencyKey":"incident-20237","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:32.534002Z","receivedAt":"2026-05-15T20:53:32.547319Z"},{"id":4196,"fincertId":"FINCERT-2026-004196","incidentId":20235,"idempotencyKey":"incident-20235","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:32.499550Z","receivedAt":"2026-05-15T20:53:32.512535Z"},{"id":4195,"fincertId":"FINCERT-2026-004195","incidentId":20224,"idempotencyKey":"incident-20224","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:32.289019Z","receivedAt":"2026-05-15T20:53:32.301883Z"},{"id":4194,"fincertId":"FINCERT-2026-004194","incidentId":20221,"idempotencyKey":"incident-20221","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:32.238660Z","receivedAt":"2026-05-15T20:53:32.250505Z"},{"id":4193,"fincertId":"FINCERT-2026-004193","incidentId":20220,"idempotencyKey":"incident-20220","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:32.217697Z","receivedAt":"2026-05-15T20:53:32.232136Z"},{"id":4192,"fincertId":"FINCERT-2026-004192","incidentId":20219,"idempotencyKey":"incident-20219","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:32.198128Z","receivedAt":"2026-05-15T20:53:32.211428Z"},{"id":4191,"fincertId":"FINCERT-2026-004191","incidentId":20217,"idempotencyKey":"incident-20217","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:32.164589Z","receivedAt":"2026-05-15T20:53:32.176787Z"},{"id":4190,"fincertId":"FINCERT-2026-004190","incidentId":20211,"idempotencyKey":"incident-20211","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:32.054595Z","receivedAt":"2026-05-15T20:53:32.069483Z"},{"id":4189,"fincertId":"FINCERT-2026-004189","incidentId":20205,"idempotencyKey":"incident-20205","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:31.930623Z","receivedAt":"2026-05-15T20:53:31.944384Z"},{"id":4188,"fincertId":"FINCERT-2026-004188","incidentId":20203,"idempotencyKey":"incident-20203","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:31.896551Z","receivedAt":"2026-05-15T20:53:31.910165Z"},{"id":4187,"fincertId":"FINCERT-2026-004187","incidentId":20200,"idempotencyKey":"incident-20200","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:31.824108Z","receivedAt":"2026-05-15T20:53:31.846600Z"},{"id":4186,"fincertId":"FINCERT-2026-004186","incidentId":20196,"idempotencyKey":"incident-20196","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:31.740132Z","receivedAt":"2026-05-15T20:53:31.755430Z"},{"id":4185,"fincertId":"FINCERT-2026-004185","incidentId":20185,"idempotencyKey":"incident-20185","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:31.503102Z","receivedAt":"2026-05-15T20:53:31.532215Z"},{"id":4184,"fincertId":"FINCERT-2026-004184","incidentId":20184,"idempotencyKey":"incident-20184","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:31.445400Z","receivedAt":"2026-05-15T20:53:31.464316Z"},{"id":4183,"fincertId":"FINCERT-2026-004183","incidentId":20181,"idempotencyKey":"incident-20181","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:31.390391Z","receivedAt":"2026-05-15T20:53:31.402368Z"},{"id":4182,"fincertId":"FINCERT-2026-004182","incidentId":20180,"idempotencyKey":"incident-20180","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:31.371847Z","receivedAt":"2026-05-15T20:53:31.383203Z"},{"id":4181,"fincertId":"FINCERT-2026-004181","incidentId":20175,"idempotencyKey":"incident-20175","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:31.279970Z","receivedAt":"2026-05-15T20:53:31.293828Z"},{"id":4180,"fincertId":"FINCERT-2026-004180","incidentId":20173,"idempotencyKey":"incident-20173","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:31.243843Z","receivedAt":"2026-05-15T20:53:31.256252Z"},{"id":4179,"fincertId":"FINCERT-2026-004179","incidentId":20171,"idempotencyKey":"incident-20171","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:31.202378Z","receivedAt":"2026-05-15T20:53:31.213934Z"},{"id":4178,"fincertId":"FINCERT-2026-004178","incidentId":20170,"idempotencyKey":"incident-20170","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:31.184609Z","receivedAt":"2026-05-15T20:53:31.196211Z"},{"id":4177,"fincertId":"FINCERT-2026-004177","incidentId":20168,"idempotencyKey":"incident-20168","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:31.142754Z","receivedAt":"2026-05-15T20:53:31.155318Z"},{"id":4176,"fincertId":"FINCERT-2026-004176","incidentId":20154,"idempotencyKey":"incident-20154","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:30.898411Z","receivedAt":"2026-05-15T20:53:30.917353Z"},{"id":4175,"fincertId":"FINCERT-2026-004175","incidentId":20145,"idempotencyKey":"incident-20145","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:30.703848Z","receivedAt":"2026-05-15T20:53:30.723545Z"},{"id":4174,"fincertId":"FINCERT-2026-004174","incidentId":20144,"idempotencyKey":"incident-20144","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:30.643810Z","receivedAt":"2026-05-15T20:53:30.693489Z"},{"id":4173,"fincertId":"FINCERT-2026-004173","incidentId":20138,"idempotencyKey":"incident-20138","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:30.503209Z","receivedAt":"2026-05-15T20:53:30.527031Z"},{"id":4172,"fincertId":"FINCERT-2026-004172","incidentId":20137,"idempotencyKey":"incident-20137","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:30.453012Z","receivedAt":"2026-05-15T20:53:30.485093Z"},{"id":4171,"fincertId":"FINCERT-2026-004171","incidentId":20134,"idempotencyKey":"incident-20134","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:30.403015Z","receivedAt":"2026-05-15T20:53:30.416128Z"},{"id":4170,"fincertId":"FINCERT-2026-004170","incidentId":20131,"idempotencyKey":"incident-20131","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:30.354467Z","receivedAt":"2026-05-15T20:53:30.366698Z"},{"id":4169,"fincertId":"FINCERT-2026-004169","incidentId":20128,"idempotencyKey":"incident-20128","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:30.256230Z","receivedAt":"2026-05-15T20:53:30.272598Z"},{"id":4168,"fincertId":"FINCERT-2026-004168","incidentId":20125,"idempotencyKey":"incident-20125","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:30.197362Z","receivedAt":"2026-05-15T20:53:30.210Z"},{"id":4167,"fincertId":"FINCERT-2026-004167","incidentId":20115,"idempotencyKey":"incident-20115","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:29.951605Z","receivedAt":"2026-05-15T20:53:29.975009Z"},{"id":4166,"fincertId":"FINCERT-2026-004166","incidentId":20111,"idempotencyKey":"incident-20111","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:29.873599Z","receivedAt":"2026-05-15T20:53:29.886932Z"},{"id":4165,"fincertId":"FINCERT-2026-004165","incidentId":20100,"idempotencyKey":"incident-20100","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:29.672417Z","receivedAt":"2026-05-15T20:53:29.686914Z"},{"id":4164,"fincertId":"FINCERT-2026-004164","incidentId":20099,"idempotencyKey":"incident-20099","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:29.642852Z","receivedAt":"2026-05-15T20:53:29.659389Z"},{"id":4163,"fincertId":"FINCERT-2026-004163","incidentId":20092,"idempotencyKey":"incident-20092","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:29.487586Z","receivedAt":"2026-05-15T20:53:29.512663Z"},{"id":4162,"fincertId":"FINCERT-2026-004162","incidentId":20089,"idempotencyKey":"incident-20089","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:29.416730Z","receivedAt":"2026-05-15T20:53:29.428076Z"},{"id":4161,"fincertId":"FINCERT-2026-004161","incidentId":20086,"idempotencyKey":"incident-20086","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:29.369799Z","receivedAt":"2026-05-15T20:53:29.382285Z"},{"id":4160,"fincertId":"FINCERT-2026-004160","incidentId":20085,"idempotencyKey":"incident-20085","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:29.342841Z","receivedAt":"2026-05-15T20:53:29.355997Z"},{"id":4159,"fincertId":"FINCERT-2026-004159","incidentId":20080,"idempotencyKey":"incident-20080","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:29.251360Z","receivedAt":"2026-05-15T20:53:29.264524Z"},{"id":4158,"fincertId":"FINCERT-2026-004158","incidentId":20079,"idempotencyKey":"incident-20079","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:29.224895Z","receivedAt":"2026-05-15T20:53:29.237950Z"},{"id":4157,"fincertId":"FINCERT-2026-004157","incidentId":20076,"idempotencyKey":"incident-20076","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:29.176513Z","receivedAt":"2026-05-15T20:53:29.189371Z"},{"id":4156,"fincertId":"FINCERT-2026-004156","incidentId":20075,"idempotencyKey":"incident-20075","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:29.159483Z","receivedAt":"2026-05-15T20:53:29.170338Z"},{"id":4155,"fincertId":"FINCERT-2026-004155","incidentId":20062,"idempotencyKey":"incident-20062","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:28.937808Z","receivedAt":"2026-05-15T20:53:28.953962Z"},{"id":4154,"fincertId":"FINCERT-2026-004154","incidentId":20061,"idempotencyKey":"incident-20061","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:28.919880Z","receivedAt":"2026-05-15T20:53:28.931435Z"},{"id":4153,"fincertId":"FINCERT-2026-004153","incidentId":20058,"idempotencyKey":"incident-20058","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:28.858342Z","receivedAt":"2026-05-15T20:53:28.874777Z"},{"id":4152,"fincertId":"FINCERT-2026-004152","incidentId":20052,"idempotencyKey":"incident-20052","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:28.732839Z","receivedAt":"2026-05-15T20:53:28.754426Z"},{"id":4151,"fincertId":"FINCERT-2026-004151","incidentId":20045,"idempotencyKey":"incident-20045","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:28.587541Z","receivedAt":"2026-05-15T20:53:28.600564Z"},{"id":4150,"fincertId":"FINCERT-2026-004150","incidentId":20041,"idempotencyKey":"incident-20041","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:28.519539Z","receivedAt":"2026-05-15T20:53:28.533621Z"},{"id":4149,"fincertId":"FINCERT-2026-004149","incidentId":20040,"idempotencyKey":"incident-20040","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:28.488806Z","receivedAt":"2026-05-15T20:53:28.506031Z"},{"id":4148,"fincertId":"FINCERT-2026-004148","incidentId":20039,"idempotencyKey":"incident-20039","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:28.458144Z","receivedAt":"2026-05-15T20:53:28.478163Z"},{"id":4147,"fincertId":"FINCERT-2026-004147","incidentId":20037,"idempotencyKey":"incident-20037","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:28.422362Z","receivedAt":"2026-05-15T20:53:28.434916Z"},{"id":4146,"fincertId":"FINCERT-2026-004146","incidentId":20034,"idempotencyKey":"incident-20034","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:28.375869Z","receivedAt":"2026-05-15T20:53:28.388493Z"},{"id":4145,"fincertId":"FINCERT-2026-004145","incidentId":20032,"idempotencyKey":"incident-20032","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:28.332754Z","receivedAt":"2026-05-15T20:53:28.348026Z"},{"id":4144,"fincertId":"FINCERT-2026-004144","incidentId":20030,"idempotencyKey":"incident-20030","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:28.291934Z","receivedAt":"2026-05-15T20:53:28.304497Z"},{"id":4143,"fincertId":"FINCERT-2026-004143","incidentId":20027,"idempotencyKey":"incident-20027","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:28.245917Z","receivedAt":"2026-05-15T20:53:28.257064Z"},{"id":4142,"fincertId":"FINCERT-2026-004142","incidentId":20026,"idempotencyKey":"incident-20026","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:28.222299Z","receivedAt":"2026-05-15T20:53:28.237411Z"},{"id":4141,"fincertId":"FINCERT-2026-004141","incidentId":20022,"idempotencyKey":"incident-20022","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:28.153669Z","receivedAt":"2026-05-15T20:53:28.165676Z"},{"id":4140,"fincertId":"FINCERT-2026-004140","incidentId":20021,"idempotencyKey":"incident-20021","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:28.120718Z","receivedAt":"2026-05-15T20:53:28.144863Z"},{"id":4139,"fincertId":"FINCERT-2026-004139","incidentId":20018,"idempotencyKey":"incident-20018","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:28.059874Z","receivedAt":"2026-05-15T20:53:28.077827Z"},{"id":4138,"fincertId":"FINCERT-2026-004138","incidentId":20014,"idempotencyKey":"incident-20014","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:27.964418Z","receivedAt":"2026-05-15T20:53:27.993402Z"},{"id":4137,"fincertId":"FINCERT-2026-004137","incidentId":20007,"idempotencyKey":"incident-20007","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:27.847350Z","receivedAt":"2026-05-15T20:53:27.859049Z"},{"id":4136,"fincertId":"FINCERT-2026-004136","incidentId":20006,"idempotencyKey":"incident-20006","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:27.811529Z","receivedAt":"2026-05-15T20:53:27.828944Z"},{"id":4135,"fincertId":"FINCERT-2026-004135","incidentId":20004,"idempotencyKey":"incident-20004","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:27.776214Z","receivedAt":"2026-05-15T20:53:27.790542Z"},{"id":4134,"fincertId":"FINCERT-2026-004134","incidentId":20003,"idempotencyKey":"incident-20003","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:27.738441Z","receivedAt":"2026-05-15T20:53:27.762608Z"},{"id":4133,"fincertId":"FINCERT-2026-004133","incidentId":20000,"idempotencyKey":"incident-20000","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:27.693995Z","receivedAt":"2026-05-15T20:53:27.705470Z"},{"id":4132,"fincertId":"FINCERT-2026-004132","incidentId":19999,"idempotencyKey":"incident-19999","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:27.676464Z","receivedAt":"2026-05-15T20:53:27.688035Z"},{"id":4131,"fincertId":"FINCERT-2026-004131","incidentId":19996,"idempotencyKey":"incident-19996","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:27.624960Z","receivedAt":"2026-05-15T20:53:27.639754Z"},{"id":4130,"fincertId":"FINCERT-2026-004130","incidentId":19995,"idempotencyKey":"incident-19995","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:27.599700Z","receivedAt":"2026-05-15T20:53:27.617971Z"},{"id":4129,"fincertId":"FINCERT-2026-004129","incidentId":19992,"idempotencyKey":"incident-19992","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:27.549910Z","receivedAt":"2026-05-15T20:53:27.561614Z"},{"id":4128,"fincertId":"FINCERT-2026-004128","incidentId":19985,"idempotencyKey":"incident-19985","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:27.423784Z","receivedAt":"2026-05-15T20:53:27.437495Z"},{"id":4127,"fincertId":"FINCERT-2026-004127","incidentId":19984,"idempotencyKey":"incident-19984","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:27.405500Z","receivedAt":"2026-05-15T20:53:27.416597Z"},{"id":4126,"fincertId":"FINCERT-2026-004126","incidentId":19983,"idempotencyKey":"incident-19983","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:27.384547Z","receivedAt":"2026-05-15T20:53:27.398758Z"},{"id":4125,"fincertId":"FINCERT-2026-004125","incidentId":19981,"idempotencyKey":"incident-19981","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:27.343987Z","receivedAt":"2026-05-15T20:53:27.359098Z"},{"id":4124,"fincertId":"FINCERT-2026-004124","incidentId":19977,"idempotencyKey":"incident-19977","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:27.263877Z","receivedAt":"2026-05-15T20:53:27.275784Z"},{"id":4123,"fincertId":"FINCERT-2026-004123","incidentId":19976,"idempotencyKey":"incident-19976","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:27.244592Z","receivedAt":"2026-05-15T20:53:27.256907Z"},{"id":4122,"fincertId":"FINCERT-2026-004122","incidentId":19968,"idempotencyKey":"incident-19968","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:27.080818Z","receivedAt":"2026-05-15T20:53:27.092960Z"},{"id":4121,"fincertId":"FINCERT-2026-004121","incidentId":19961,"idempotencyKey":"incident-19961","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:26.934554Z","receivedAt":"2026-05-15T20:53:26.947618Z"},{"id":4120,"fincertId":"FINCERT-2026-004120","incidentId":19954,"idempotencyKey":"incident-19954","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:26.745015Z","receivedAt":"2026-05-15T20:53:26.759848Z"},{"id":4119,"fincertId":"FINCERT-2026-004119","incidentId":19950,"idempotencyKey":"incident-19950","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:26.604250Z","receivedAt":"2026-05-15T20:53:26.644684Z"},{"id":4118,"fincertId":"FINCERT-2026-004118","incidentId":19948,"idempotencyKey":"incident-19948","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:26.566442Z","receivedAt":"2026-05-15T20:53:26.578687Z"},{"id":4117,"fincertId":"FINCERT-2026-004117","incidentId":19947,"idempotencyKey":"incident-19947","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:26.548859Z","receivedAt":"2026-05-15T20:53:26.559742Z"},{"id":4116,"fincertId":"FINCERT-2026-004116","incidentId":19940,"idempotencyKey":"incident-19940","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:26.397819Z","receivedAt":"2026-05-15T20:53:26.411829Z"},{"id":4115,"fincertId":"FINCERT-2026-004115","incidentId":19939,"idempotencyKey":"incident-19939","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:26.370561Z","receivedAt":"2026-05-15T20:53:26.387727Z"},{"id":4114,"fincertId":"FINCERT-2026-004114","incidentId":19935,"idempotencyKey":"incident-19935","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:26.241002Z","receivedAt":"2026-05-15T20:53:26.268192Z"},{"id":4113,"fincertId":"FINCERT-2026-004113","incidentId":19931,"idempotencyKey":"incident-19931","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:26.063404Z","receivedAt":"2026-05-15T20:53:26.102908Z"},{"id":4112,"fincertId":"FINCERT-2026-004112","incidentId":19924,"idempotencyKey":"incident-19924","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:25.777415Z","receivedAt":"2026-05-15T20:53:25.792940Z"},{"id":4111,"fincertId":"FINCERT-2026-004111","incidentId":19916,"idempotencyKey":"incident-19916","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:25.588768Z","receivedAt":"2026-05-15T20:53:25.628985Z"},{"id":4110,"fincertId":"FINCERT-2026-004110","incidentId":19915,"idempotencyKey":"incident-19915","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:25.551043Z","receivedAt":"2026-05-15T20:53:25.566515Z"},{"id":4109,"fincertId":"FINCERT-2026-004109","incidentId":19914,"idempotencyKey":"incident-19914","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:25.509015Z","receivedAt":"2026-05-15T20:53:25.537384Z"},{"id":4108,"fincertId":"FINCERT-2026-004108","incidentId":19905,"idempotencyKey":"incident-19905","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:25.281564Z","receivedAt":"2026-05-15T20:53:25.301785Z"},{"id":4107,"fincertId":"FINCERT-2026-004107","incidentId":19903,"idempotencyKey":"incident-19903","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:25.235662Z","receivedAt":"2026-05-15T20:53:25.252219Z"},{"id":4106,"fincertId":"FINCERT-2026-004106","incidentId":19901,"idempotencyKey":"incident-19901","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:25.184765Z","receivedAt":"2026-05-15T20:53:25.200196Z"},{"id":4105,"fincertId":"FINCERT-2026-004105","incidentId":19900,"idempotencyKey":"incident-19900","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:25.157547Z","receivedAt":"2026-05-15T20:53:25.173925Z"},{"id":4104,"fincertId":"FINCERT-2026-004104","incidentId":19896,"idempotencyKey":"incident-19896","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:25.060313Z","receivedAt":"2026-05-15T20:53:25.074921Z"},{"id":4103,"fincertId":"FINCERT-2026-004103","incidentId":19895,"idempotencyKey":"incident-19895","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:25.033626Z","receivedAt":"2026-05-15T20:53:25.046923Z"},{"id":4102,"fincertId":"FINCERT-2026-004102","incidentId":19894,"idempotencyKey":"incident-19894","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:25.001688Z","receivedAt":"2026-05-15T20:53:25.018630Z"},{"id":4101,"fincertId":"FINCERT-2026-004101","incidentId":19891,"idempotencyKey":"incident-19891","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:24.930788Z","receivedAt":"2026-05-15T20:53:24.945103Z"},{"id":4100,"fincertId":"FINCERT-2026-004100","incidentId":19890,"idempotencyKey":"incident-19890","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:24.909066Z","receivedAt":"2026-05-15T20:53:24.923140Z"},{"id":4099,"fincertId":"FINCERT-2026-004099","incidentId":19887,"idempotencyKey":"incident-19887","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:24.815818Z","receivedAt":"2026-05-15T20:53:24.837339Z"},{"id":4098,"fincertId":"FINCERT-2026-004098","incidentId":19884,"idempotencyKey":"incident-19884","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:24.688589Z","receivedAt":"2026-05-15T20:53:24.706348Z"},{"id":4097,"fincertId":"FINCERT-2026-004097","incidentId":19882,"idempotencyKey":"incident-19882","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:24.633802Z","receivedAt":"2026-05-15T20:53:24.658940Z"},{"id":4096,"fincertId":"FINCERT-2026-004096","incidentId":19879,"idempotencyKey":"incident-19879","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:24.559513Z","receivedAt":"2026-05-15T20:53:24.572478Z"},{"id":4095,"fincertId":"FINCERT-2026-004095","incidentId":19873,"idempotencyKey":"incident-19873","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:24.452110Z","receivedAt":"2026-05-15T20:53:24.470589Z"},{"id":4094,"fincertId":"FINCERT-2026-004094","incidentId":19871,"idempotencyKey":"incident-19871","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:24.419618Z","receivedAt":"2026-05-15T20:53:24.432676Z"},{"id":4093,"fincertId":"FINCERT-2026-004093","incidentId":19869,"idempotencyKey":"incident-19869","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:24.377938Z","receivedAt":"2026-05-15T20:53:24.390803Z"},{"id":4092,"fincertId":"FINCERT-2026-004092","incidentId":19868,"idempotencyKey":"incident-19868","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:24.356869Z","receivedAt":"2026-05-15T20:53:24.371882Z"},{"id":4091,"fincertId":"FINCERT-2026-004091","incidentId":19866,"idempotencyKey":"incident-19866","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:24.308063Z","receivedAt":"2026-05-15T20:53:24.331366Z"},{"id":4090,"fincertId":"FINCERT-2026-004090","incidentId":19862,"idempotencyKey":"incident-19862","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:24.244491Z","receivedAt":"2026-05-15T20:53:24.257499Z"},{"id":4089,"fincertId":"FINCERT-2026-004089","incidentId":19857,"idempotencyKey":"incident-19857","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:24.136433Z","receivedAt":"2026-05-15T20:53:24.162993Z"},{"id":4088,"fincertId":"FINCERT-2026-004088","incidentId":19853,"idempotencyKey":"incident-19853","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:24.056296Z","receivedAt":"2026-05-15T20:53:24.073474Z"},{"id":4087,"fincertId":"FINCERT-2026-004087","incidentId":19851,"idempotencyKey":"incident-19851","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:24.010668Z","receivedAt":"2026-05-15T20:53:24.032439Z"},{"id":4086,"fincertId":"FINCERT-2026-004086","incidentId":19844,"idempotencyKey":"incident-19844","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:23.857843Z","receivedAt":"2026-05-15T20:53:23.883375Z"},{"id":4085,"fincertId":"FINCERT-2026-004085","incidentId":19843,"idempotencyKey":"incident-19843","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:23.812979Z","receivedAt":"2026-05-15T20:53:23.837212Z"},{"id":4084,"fincertId":"FINCERT-2026-004084","incidentId":19839,"idempotencyKey":"incident-19839","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:23.744092Z","receivedAt":"2026-05-15T20:53:23.758752Z"},{"id":4083,"fincertId":"FINCERT-2026-004083","incidentId":19837,"idempotencyKey":"incident-19837","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:23.702393Z","receivedAt":"2026-05-15T20:53:23.715392Z"},{"id":4082,"fincertId":"FINCERT-2026-004082","incidentId":19831,"idempotencyKey":"incident-19831","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:23.601064Z","receivedAt":"2026-05-15T20:53:23.618555Z"},{"id":4081,"fincertId":"FINCERT-2026-004081","incidentId":19830,"idempotencyKey":"incident-19830","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:23.582667Z","receivedAt":"2026-05-15T20:53:23.595221Z"},{"id":4080,"fincertId":"FINCERT-2026-004080","incidentId":19829,"idempotencyKey":"incident-19829","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:23.563129Z","receivedAt":"2026-05-15T20:53:23.574313Z"},{"id":4079,"fincertId":"FINCERT-2026-004079","incidentId":19828,"idempotencyKey":"incident-19828","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:23.544853Z","receivedAt":"2026-05-15T20:53:23.557165Z"},{"id":4078,"fincertId":"FINCERT-2026-004078","incidentId":19827,"idempotencyKey":"incident-19827","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:23.527531Z","receivedAt":"2026-05-15T20:53:23.539001Z"},{"id":4077,"fincertId":"FINCERT-2026-004077","incidentId":19825,"idempotencyKey":"incident-19825","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:23.491214Z","receivedAt":"2026-05-15T20:53:23.506641Z"},{"id":4076,"fincertId":"FINCERT-2026-004076","incidentId":19824,"idempotencyKey":"incident-19824","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:23.461463Z","receivedAt":"2026-05-15T20:53:23.480797Z"},{"id":4075,"fincertId":"FINCERT-2026-004075","incidentId":19820,"idempotencyKey":"incident-19820","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:23.395278Z","receivedAt":"2026-05-15T20:53:23.407483Z"},{"id":4074,"fincertId":"FINCERT-2026-004074","incidentId":19814,"idempotencyKey":"incident-19814","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:23.288879Z","receivedAt":"2026-05-15T20:53:23.301388Z"},{"id":4073,"fincertId":"FINCERT-2026-004073","incidentId":19813,"idempotencyKey":"incident-19813","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:23.263683Z","receivedAt":"2026-05-15T20:53:23.275765Z"},{"id":4072,"fincertId":"FINCERT-2026-004072","incidentId":19809,"idempotencyKey":"incident-19809","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:23.200559Z","receivedAt":"2026-05-15T20:53:23.213105Z"},{"id":4071,"fincertId":"FINCERT-2026-004071","incidentId":19803,"idempotencyKey":"incident-19803","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:23.082966Z","receivedAt":"2026-05-15T20:53:23.094389Z"},{"id":4070,"fincertId":"FINCERT-2026-004070","incidentId":19801,"idempotencyKey":"incident-19801","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:23.050676Z","receivedAt":"2026-05-15T20:53:23.063102Z"},{"id":4069,"fincertId":"FINCERT-2026-004069","incidentId":19797,"idempotencyKey":"incident-19797","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:22.982383Z","receivedAt":"2026-05-15T20:53:22.999625Z"},{"id":4068,"fincertId":"FINCERT-2026-004068","incidentId":19796,"idempotencyKey":"incident-19796","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:22.957194Z","receivedAt":"2026-05-15T20:53:22.974115Z"},{"id":4067,"fincertId":"FINCERT-2026-004067","incidentId":19792,"idempotencyKey":"incident-19792","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:22.898088Z","receivedAt":"2026-05-15T20:53:22.910231Z"},{"id":4066,"fincertId":"FINCERT-2026-004066","incidentId":19790,"idempotencyKey":"incident-19790","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:22.859446Z","receivedAt":"2026-05-15T20:53:22.872728Z"},{"id":4065,"fincertId":"FINCERT-2026-004065","incidentId":19783,"idempotencyKey":"incident-19783","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:22.734329Z","receivedAt":"2026-05-15T20:53:22.746946Z"},{"id":4064,"fincertId":"FINCERT-2026-004064","incidentId":19781,"idempotencyKey":"incident-19781","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:22.702050Z","receivedAt":"2026-05-15T20:53:22.714339Z"},{"id":4063,"fincertId":"FINCERT-2026-004063","incidentId":19780,"idempotencyKey":"incident-19780","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:22.682614Z","receivedAt":"2026-05-15T20:53:22.694731Z"},{"id":4062,"fincertId":"FINCERT-2026-004062","incidentId":19776,"idempotencyKey":"incident-19776","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:22.623643Z","receivedAt":"2026-05-15T20:53:22.637253Z"},{"id":4061,"fincertId":"FINCERT-2026-004061","incidentId":19773,"idempotencyKey":"incident-19773","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:22.573430Z","receivedAt":"2026-05-15T20:53:22.586482Z"},{"id":4060,"fincertId":"FINCERT-2026-004060","incidentId":19772,"idempotencyKey":"incident-19772","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:22.554575Z","receivedAt":"2026-05-15T20:53:22.567564Z"},{"id":4059,"fincertId":"FINCERT-2026-004059","incidentId":19769,"idempotencyKey":"incident-19769","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:22.509576Z","receivedAt":"2026-05-15T20:53:22.521991Z"},{"id":4058,"fincertId":"FINCERT-2026-004058","incidentId":19768,"idempotencyKey":"incident-19768","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:22.476868Z","receivedAt":"2026-05-15T20:53:22.502216Z"},{"id":4057,"fincertId":"FINCERT-2026-004057","incidentId":19766,"idempotencyKey":"incident-19766","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:22.432365Z","receivedAt":"2026-05-15T20:53:22.442926Z"},{"id":4056,"fincertId":"FINCERT-2026-004056","incidentId":19755,"idempotencyKey":"incident-19755","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:22.262451Z","receivedAt":"2026-05-15T20:53:22.274985Z"},{"id":4055,"fincertId":"FINCERT-2026-004055","incidentId":19749,"idempotencyKey":"incident-19749","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:22.171038Z","receivedAt":"2026-05-15T20:53:22.181860Z"},{"id":4054,"fincertId":"FINCERT-2026-004054","incidentId":19748,"idempotencyKey":"incident-19748","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:22.146431Z","receivedAt":"2026-05-15T20:53:22.157948Z"},{"id":4053,"fincertId":"FINCERT-2026-004053","incidentId":19745,"idempotencyKey":"incident-19745","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:22.087161Z","receivedAt":"2026-05-15T20:53:22.099817Z"},{"id":4052,"fincertId":"FINCERT-2026-004052","incidentId":19744,"idempotencyKey":"incident-19744","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:22.067809Z","receivedAt":"2026-05-15T20:53:22.079583Z"},{"id":4051,"fincertId":"FINCERT-2026-004051","incidentId":19735,"idempotencyKey":"incident-19735","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:21.914071Z","receivedAt":"2026-05-15T20:53:21.925600Z"},{"id":4050,"fincertId":"FINCERT-2026-004050","incidentId":19734,"idempotencyKey":"incident-19734","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:21.896809Z","receivedAt":"2026-05-15T20:53:21.907611Z"},{"id":4049,"fincertId":"FINCERT-2026-004049","incidentId":19732,"idempotencyKey":"incident-19732","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:21.857539Z","receivedAt":"2026-05-15T20:53:21.870071Z"},{"id":4048,"fincertId":"FINCERT-2026-004048","incidentId":19728,"idempotencyKey":"incident-19728","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:21.778694Z","receivedAt":"2026-05-15T20:53:21.790006Z"},{"id":4047,"fincertId":"FINCERT-2026-004047","incidentId":19725,"idempotencyKey":"incident-19725","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:21.726237Z","receivedAt":"2026-05-15T20:53:21.737613Z"},{"id":4046,"fincertId":"FINCERT-2026-004046","incidentId":19721,"idempotencyKey":"incident-19721","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:21.666070Z","receivedAt":"2026-05-15T20:53:21.679867Z"},{"id":4045,"fincertId":"FINCERT-2026-004045","incidentId":19717,"idempotencyKey":"incident-19717","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:21.601760Z","receivedAt":"2026-05-15T20:53:21.617748Z"},{"id":4044,"fincertId":"FINCERT-2026-004044","incidentId":19713,"idempotencyKey":"incident-19713","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:21.541682Z","receivedAt":"2026-05-15T20:53:21.552541Z"},{"id":4043,"fincertId":"FINCERT-2026-004043","incidentId":19712,"idempotencyKey":"incident-19712","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:21.516654Z","receivedAt":"2026-05-15T20:53:21.529314Z"},{"id":4042,"fincertId":"FINCERT-2026-004042","incidentId":19711,"idempotencyKey":"incident-19711","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:21.487574Z","receivedAt":"2026-05-15T20:53:21.508642Z"},{"id":4041,"fincertId":"FINCERT-2026-004041","incidentId":19710,"idempotencyKey":"incident-19710","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:21.444778Z","receivedAt":"2026-05-15T20:53:21.471228Z"},{"id":4040,"fincertId":"FINCERT-2026-004040","incidentId":19705,"idempotencyKey":"incident-19705","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:21.326852Z","receivedAt":"2026-05-15T20:53:21.359851Z"},{"id":4039,"fincertId":"FINCERT-2026-004039","incidentId":19698,"idempotencyKey":"incident-19698","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:21.161494Z","receivedAt":"2026-05-15T20:53:21.181970Z"},{"id":4038,"fincertId":"FINCERT-2026-004038","incidentId":19695,"idempotencyKey":"incident-19695","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:21.083105Z","receivedAt":"2026-05-15T20:53:21.096526Z"},{"id":4037,"fincertId":"FINCERT-2026-004037","incidentId":19693,"idempotencyKey":"incident-19693","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:21.047532Z","receivedAt":"2026-05-15T20:53:21.057593Z"},{"id":4036,"fincertId":"FINCERT-2026-004036","incidentId":19692,"idempotencyKey":"incident-19692","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:20.986776Z","receivedAt":"2026-05-15T20:53:21.019395Z"},{"id":4035,"fincertId":"FINCERT-2026-004035","incidentId":19689,"idempotencyKey":"incident-19689","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:20.923734Z","receivedAt":"2026-05-15T20:53:20.935941Z"},{"id":4034,"fincertId":"FINCERT-2026-004034","incidentId":19687,"idempotencyKey":"incident-19687","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:20.880054Z","receivedAt":"2026-05-15T20:53:20.897509Z"},{"id":4033,"fincertId":"FINCERT-2026-004033","incidentId":19683,"idempotencyKey":"incident-19683","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:20.778801Z","receivedAt":"2026-05-15T20:53:20.792371Z"},{"id":4032,"fincertId":"FINCERT-2026-004032","incidentId":19674,"idempotencyKey":"incident-19674","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:20.605003Z","receivedAt":"2026-05-15T20:53:20.627548Z"},{"id":4031,"fincertId":"FINCERT-2026-004031","incidentId":19673,"idempotencyKey":"incident-19673","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:20.575131Z","receivedAt":"2026-05-15T20:53:20.596140Z"},{"id":4030,"fincertId":"FINCERT-2026-004030","incidentId":19672,"idempotencyKey":"incident-19672","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:20.543063Z","receivedAt":"2026-05-15T20:53:20.559067Z"},{"id":4029,"fincertId":"FINCERT-2026-004029","incidentId":19671,"idempotencyKey":"incident-19671","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:20.520440Z","receivedAt":"2026-05-15T20:53:20.535480Z"},{"id":4028,"fincertId":"FINCERT-2026-004028","incidentId":19670,"idempotencyKey":"incident-19670","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:20.486088Z","receivedAt":"2026-05-15T20:53:20.505141Z"},{"id":4027,"fincertId":"FINCERT-2026-004027","incidentId":19669,"idempotencyKey":"incident-19669","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:20.462355Z","receivedAt":"2026-05-15T20:53:20.476108Z"},{"id":4026,"fincertId":"FINCERT-2026-004026","incidentId":19667,"idempotencyKey":"incident-19667","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:20.427785Z","receivedAt":"2026-05-15T20:53:20.438988Z"},{"id":4025,"fincertId":"FINCERT-2026-004025","incidentId":19666,"idempotencyKey":"incident-19666","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:20.403704Z","receivedAt":"2026-05-15T20:53:20.415239Z"},{"id":4024,"fincertId":"FINCERT-2026-004024","incidentId":19665,"idempotencyKey":"incident-19665","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:20.385949Z","receivedAt":"2026-05-15T20:53:20.397675Z"},{"id":4023,"fincertId":"FINCERT-2026-004023","incidentId":19664,"idempotencyKey":"incident-19664","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:20.359587Z","receivedAt":"2026-05-15T20:53:20.380048Z"},{"id":4022,"fincertId":"FINCERT-2026-004022","incidentId":19663,"idempotencyKey":"incident-19663","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:20.316469Z","receivedAt":"2026-05-15T20:53:20.343872Z"},{"id":4021,"fincertId":"FINCERT-2026-004021","incidentId":19661,"idempotencyKey":"incident-19661","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:20.274534Z","receivedAt":"2026-05-15T20:53:20.290292Z"},{"id":4020,"fincertId":"FINCERT-2026-004020","incidentId":19658,"idempotencyKey":"incident-19658","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:20.207061Z","receivedAt":"2026-05-15T20:53:20.224909Z"},{"id":4019,"fincertId":"FINCERT-2026-004019","incidentId":19657,"idempotencyKey":"incident-19657","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:20.189506Z","receivedAt":"2026-05-15T20:53:20.201014Z"},{"id":4018,"fincertId":"FINCERT-2026-004018","incidentId":19654,"idempotencyKey":"incident-19654","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:20.127400Z","receivedAt":"2026-05-15T20:53:20.145886Z"},{"id":4017,"fincertId":"FINCERT-2026-004017","incidentId":19649,"idempotencyKey":"incident-19649","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:20.026793Z","receivedAt":"2026-05-15T20:53:20.041950Z"},{"id":4016,"fincertId":"FINCERT-2026-004016","incidentId":19647,"idempotencyKey":"incident-19647","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:19.971594Z","receivedAt":"2026-05-15T20:53:19.989395Z"},{"id":4015,"fincertId":"FINCERT-2026-004015","incidentId":19646,"idempotencyKey":"incident-19646","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:19.944315Z","receivedAt":"2026-05-15T20:53:19.961719Z"},{"id":4014,"fincertId":"FINCERT-2026-004014","incidentId":19645,"idempotencyKey":"incident-19645","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:19.906431Z","receivedAt":"2026-05-15T20:53:19.927919Z"},{"id":4013,"fincertId":"FINCERT-2026-004013","incidentId":19642,"idempotencyKey":"incident-19642","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:19.851908Z","receivedAt":"2026-05-15T20:53:19.866718Z"},{"id":4012,"fincertId":"FINCERT-2026-004012","incidentId":19641,"idempotencyKey":"incident-19641","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:19.809339Z","receivedAt":"2026-05-15T20:53:19.827012Z"},{"id":4011,"fincertId":"FINCERT-2026-004011","incidentId":19640,"idempotencyKey":"incident-19640","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:19.790507Z","receivedAt":"2026-05-15T20:53:19.802128Z"},{"id":4010,"fincertId":"FINCERT-2026-004010","incidentId":19637,"idempotencyKey":"incident-19637","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:19.740667Z","receivedAt":"2026-05-15T20:53:19.755408Z"},{"id":4009,"fincertId":"FINCERT-2026-004009","incidentId":19632,"idempotencyKey":"incident-19632","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:19.596731Z","receivedAt":"2026-05-15T20:53:19.610919Z"},{"id":4008,"fincertId":"FINCERT-2026-004008","incidentId":19630,"idempotencyKey":"incident-19630","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:19.557250Z","receivedAt":"2026-05-15T20:53:19.568977Z"},{"id":4007,"fincertId":"FINCERT-2026-004007","incidentId":19629,"idempotencyKey":"incident-19629","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:19.528447Z","receivedAt":"2026-05-15T20:53:19.543104Z"},{"id":4006,"fincertId":"FINCERT-2026-004006","incidentId":19622,"idempotencyKey":"incident-19622","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:19.365010Z","receivedAt":"2026-05-15T20:53:19.382453Z"},{"id":4005,"fincertId":"FINCERT-2026-004005","incidentId":19618,"idempotencyKey":"incident-19618","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:19.264027Z","receivedAt":"2026-05-15T20:53:19.280995Z"},{"id":4004,"fincertId":"FINCERT-2026-004004","incidentId":19610,"idempotencyKey":"incident-19610","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:19.129165Z","receivedAt":"2026-05-15T20:53:19.151627Z"},{"id":4003,"fincertId":"FINCERT-2026-004003","incidentId":19606,"idempotencyKey":"incident-19606","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:19.057874Z","receivedAt":"2026-05-15T20:53:19.070552Z"},{"id":4002,"fincertId":"FINCERT-2026-004002","incidentId":19603,"idempotencyKey":"incident-19603","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:19.002345Z","receivedAt":"2026-05-15T20:53:19.020238Z"},{"id":4001,"fincertId":"FINCERT-2026-004001","incidentId":19595,"idempotencyKey":"incident-19595","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:18.869222Z","receivedAt":"2026-05-15T20:53:18.882820Z"},{"id":4000,"fincertId":"FINCERT-2026-004000","incidentId":19594,"idempotencyKey":"incident-19594","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:18.801865Z","receivedAt":"2026-05-15T20:53:18.820117Z"},{"id":3999,"fincertId":"FINCERT-2026-003999","incidentId":19593,"idempotencyKey":"incident-19593","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:18.784918Z","receivedAt":"2026-05-15T20:53:18.795249Z"},{"id":3998,"fincertId":"FINCERT-2026-003998","incidentId":19591,"idempotencyKey":"incident-19591","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:18.749417Z","receivedAt":"2026-05-15T20:53:18.762818Z"},{"id":3997,"fincertId":"FINCERT-2026-003997","incidentId":19588,"idempotencyKey":"incident-19588","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:18.679462Z","receivedAt":"2026-05-15T20:53:18.690934Z"},{"id":3996,"fincertId":"FINCERT-2026-003996","incidentId":19578,"idempotencyKey":"incident-19578","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:18.472621Z","receivedAt":"2026-05-15T20:53:18.498073Z"},{"id":3995,"fincertId":"FINCERT-2026-003995","incidentId":19575,"idempotencyKey":"incident-19575","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:18.417485Z","receivedAt":"2026-05-15T20:53:18.433051Z"},{"id":3994,"fincertId":"FINCERT-2026-003994","incidentId":19565,"idempotencyKey":"incident-19565","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:18.261005Z","receivedAt":"2026-05-15T20:53:18.274094Z"},{"id":3993,"fincertId":"FINCERT-2026-003993","incidentId":19561,"idempotencyKey":"incident-19561","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:18.199747Z","receivedAt":"2026-05-15T20:53:18.210444Z"},{"id":3992,"fincertId":"FINCERT-2026-003992","incidentId":19557,"idempotencyKey":"incident-19557","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:18.111894Z","receivedAt":"2026-05-15T20:53:18.131831Z"},{"id":3991,"fincertId":"FINCERT-2026-003991","incidentId":19552,"idempotencyKey":"incident-19552","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:17.973705Z","receivedAt":"2026-05-15T20:53:17.998022Z"},{"id":3990,"fincertId":"FINCERT-2026-003990","incidentId":19545,"idempotencyKey":"incident-19545","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:17.855769Z","receivedAt":"2026-05-15T20:53:17.867840Z"},{"id":3989,"fincertId":"FINCERT-2026-003989","incidentId":19538,"idempotencyKey":"incident-19538","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:17.741618Z","receivedAt":"2026-05-15T20:53:17.753450Z"},{"id":3988,"fincertId":"FINCERT-2026-003988","incidentId":19534,"idempotencyKey":"incident-19534","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:17.674160Z","receivedAt":"2026-05-15T20:53:17.685168Z"},{"id":3987,"fincertId":"FINCERT-2026-003987","incidentId":19532,"idempotencyKey":"incident-19532","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:17.612305Z","receivedAt":"2026-05-15T20:53:17.631482Z"},{"id":3986,"fincertId":"FINCERT-2026-003986","incidentId":19531,"idempotencyKey":"incident-19531","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:17.591406Z","receivedAt":"2026-05-15T20:53:17.604863Z"},{"id":3985,"fincertId":"FINCERT-2026-003985","incidentId":19522,"idempotencyKey":"incident-19522","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:17.396036Z","receivedAt":"2026-05-15T20:53:17.411545Z"},{"id":3984,"fincertId":"FINCERT-2026-003984","incidentId":19515,"idempotencyKey":"incident-19515","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:17.238513Z","receivedAt":"2026-05-15T20:53:17.251566Z"},{"id":3983,"fincertId":"FINCERT-2026-003983","incidentId":19513,"idempotencyKey":"incident-19513","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:17.162587Z","receivedAt":"2026-05-15T20:53:17.186589Z"},{"id":3982,"fincertId":"FINCERT-2026-003982","incidentId":19512,"idempotencyKey":"incident-19512","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:17.117323Z","receivedAt":"2026-05-15T20:53:17.150035Z"},{"id":3981,"fincertId":"FINCERT-2026-003981","incidentId":19511,"idempotencyKey":"incident-19511","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:17.087935Z","receivedAt":"2026-05-15T20:53:17.102672Z"},{"id":3980,"fincertId":"FINCERT-2026-003980","incidentId":19510,"idempotencyKey":"incident-19510","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:17.049738Z","receivedAt":"2026-05-15T20:53:17.066715Z"},{"id":3979,"fincertId":"FINCERT-2026-003979","incidentId":19509,"idempotencyKey":"incident-19509","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:17.029639Z","receivedAt":"2026-05-15T20:53:17.044410Z"},{"id":3978,"fincertId":"FINCERT-2026-003978","incidentId":19506,"idempotencyKey":"incident-19506","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:16.961211Z","receivedAt":"2026-05-15T20:53:16.984206Z"},{"id":3977,"fincertId":"FINCERT-2026-003977","incidentId":19505,"idempotencyKey":"incident-19505","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:16.934568Z","receivedAt":"2026-05-15T20:53:16.946631Z"},{"id":3976,"fincertId":"FINCERT-2026-003976","incidentId":19504,"idempotencyKey":"incident-19504","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:16.917330Z","receivedAt":"2026-05-15T20:53:16.928498Z"},{"id":3975,"fincertId":"FINCERT-2026-003975","incidentId":19503,"idempotencyKey":"incident-19503","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:16.899355Z","receivedAt":"2026-05-15T20:53:16.911216Z"},{"id":3974,"fincertId":"FINCERT-2026-003974","incidentId":19497,"idempotencyKey":"incident-19497","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:16.792250Z","receivedAt":"2026-05-15T20:53:16.807746Z"},{"id":3973,"fincertId":"FINCERT-2026-003973","incidentId":19496,"idempotencyKey":"incident-19496","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:16.765792Z","receivedAt":"2026-05-15T20:53:16.778533Z"},{"id":3972,"fincertId":"FINCERT-2026-003972","incidentId":19495,"idempotencyKey":"incident-19495","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:16.743040Z","receivedAt":"2026-05-15T20:53:16.753907Z"},{"id":3971,"fincertId":"FINCERT-2026-003971","incidentId":19494,"idempotencyKey":"incident-19494","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:16.726707Z","receivedAt":"2026-05-15T20:53:16.737644Z"},{"id":3970,"fincertId":"FINCERT-2026-003970","incidentId":19490,"idempotencyKey":"incident-19490","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:16.662367Z","receivedAt":"2026-05-15T20:53:16.673403Z"},{"id":3969,"fincertId":"FINCERT-2026-003969","incidentId":19487,"idempotencyKey":"incident-19487","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:16.601501Z","receivedAt":"2026-05-15T20:53:16.618488Z"},{"id":3968,"fincertId":"FINCERT-2026-003968","incidentId":19484,"idempotencyKey":"incident-19484","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:16.550072Z","receivedAt":"2026-05-15T20:53:16.560679Z"},{"id":3967,"fincertId":"FINCERT-2026-003967","incidentId":19483,"idempotencyKey":"incident-19483","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:16.530929Z","receivedAt":"2026-05-15T20:53:16.544122Z"},{"id":3966,"fincertId":"FINCERT-2026-003966","incidentId":19477,"idempotencyKey":"incident-19477","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:16.425602Z","receivedAt":"2026-05-15T20:53:16.437744Z"},{"id":3965,"fincertId":"FINCERT-2026-003965","incidentId":19476,"idempotencyKey":"incident-19476","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:16.408381Z","receivedAt":"2026-05-15T20:53:16.420335Z"},{"id":3964,"fincertId":"FINCERT-2026-003964","incidentId":19474,"idempotencyKey":"incident-19474","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:16.376046Z","receivedAt":"2026-05-15T20:53:16.389553Z"},{"id":3963,"fincertId":"FINCERT-2026-003963","incidentId":19473,"idempotencyKey":"incident-19473","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:16.348155Z","receivedAt":"2026-05-15T20:53:16.363670Z"},{"id":3962,"fincertId":"FINCERT-2026-003962","incidentId":19466,"idempotencyKey":"incident-19466","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:16.197913Z","receivedAt":"2026-05-15T20:53:16.210016Z"},{"id":3961,"fincertId":"FINCERT-2026-003961","incidentId":19463,"idempotencyKey":"incident-19463","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:16.133236Z","receivedAt":"2026-05-15T20:53:16.156290Z"},{"id":3960,"fincertId":"FINCERT-2026-003960","incidentId":19459,"idempotencyKey":"incident-19459","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:16.059935Z","receivedAt":"2026-05-15T20:53:16.071698Z"},{"id":3959,"fincertId":"FINCERT-2026-003959","incidentId":19452,"idempotencyKey":"incident-19452","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:15.901045Z","receivedAt":"2026-05-15T20:53:15.916446Z"},{"id":3958,"fincertId":"FINCERT-2026-003958","incidentId":19451,"idempotencyKey":"incident-19451","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:15.870819Z","receivedAt":"2026-05-15T20:53:15.892770Z"},{"id":3957,"fincertId":"FINCERT-2026-003957","incidentId":19445,"idempotencyKey":"incident-19445","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:15.749109Z","receivedAt":"2026-05-15T20:53:15.760973Z"},{"id":3956,"fincertId":"FINCERT-2026-003956","incidentId":19439,"idempotencyKey":"incident-19439","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:15.661289Z","receivedAt":"2026-05-15T20:53:15.673092Z"},{"id":3955,"fincertId":"FINCERT-2026-003955","incidentId":19437,"idempotencyKey":"incident-19437","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:15.628137Z","receivedAt":"2026-05-15T20:53:15.642117Z"},{"id":3954,"fincertId":"FINCERT-2026-003954","incidentId":19432,"idempotencyKey":"incident-19432","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:15.524816Z","receivedAt":"2026-05-15T20:53:15.538132Z"},{"id":3953,"fincertId":"FINCERT-2026-003953","incidentId":19431,"idempotencyKey":"incident-19431","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:15.486097Z","receivedAt":"2026-05-15T20:53:15.505441Z"},{"id":3952,"fincertId":"FINCERT-2026-003952","incidentId":19429,"idempotencyKey":"incident-19429","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:15.434548Z","receivedAt":"2026-05-15T20:53:15.447728Z"},{"id":3951,"fincertId":"FINCERT-2026-003951","incidentId":19425,"idempotencyKey":"incident-19425","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:15.320134Z","receivedAt":"2026-05-15T20:53:15.360702Z"},{"id":3950,"fincertId":"FINCERT-2026-003950","incidentId":19424,"idempotencyKey":"incident-19424","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:15.254672Z","receivedAt":"2026-05-15T20:53:15.294542Z"},{"id":3949,"fincertId":"FINCERT-2026-003949","incidentId":19419,"idempotencyKey":"incident-19419","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:15.056653Z","receivedAt":"2026-05-15T20:53:15.098360Z"},{"id":3948,"fincertId":"FINCERT-2026-003948","incidentId":19418,"idempotencyKey":"incident-19418","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:15.022913Z","receivedAt":"2026-05-15T20:53:15.036814Z"},{"id":3947,"fincertId":"FINCERT-2026-003947","incidentId":19415,"idempotencyKey":"incident-19415","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:14.974274Z","receivedAt":"2026-05-15T20:53:14.985443Z"},{"id":3946,"fincertId":"FINCERT-2026-003946","incidentId":19398,"idempotencyKey":"incident-19398","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:14.705972Z","receivedAt":"2026-05-15T20:53:14.718675Z"},{"id":3945,"fincertId":"FINCERT-2026-003945","incidentId":19397,"idempotencyKey":"incident-19397","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:14.683884Z","receivedAt":"2026-05-15T20:53:14.698411Z"},{"id":3944,"fincertId":"FINCERT-2026-003944","incidentId":19394,"idempotencyKey":"incident-19394","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:14.569415Z","receivedAt":"2026-05-15T20:53:14.593819Z"},{"id":3943,"fincertId":"FINCERT-2026-003943","incidentId":19387,"idempotencyKey":"incident-19387","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:14.422907Z","receivedAt":"2026-05-15T20:53:14.434774Z"},{"id":3942,"fincertId":"FINCERT-2026-003942","incidentId":19375,"idempotencyKey":"incident-19375","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:14.217341Z","receivedAt":"2026-05-15T20:53:14.229787Z"},{"id":3941,"fincertId":"FINCERT-2026-003941","incidentId":19374,"idempotencyKey":"incident-19374","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:14.199344Z","receivedAt":"2026-05-15T20:53:14.210464Z"},{"id":3940,"fincertId":"FINCERT-2026-003940","incidentId":19372,"idempotencyKey":"incident-19372","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:14.169901Z","receivedAt":"2026-05-15T20:53:14.180998Z"},{"id":3939,"fincertId":"FINCERT-2026-003939","incidentId":19369,"idempotencyKey":"incident-19369","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:14.106719Z","receivedAt":"2026-05-15T20:53:14.121143Z"},{"id":3938,"fincertId":"FINCERT-2026-003938","incidentId":19363,"idempotencyKey":"incident-19363","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:13.992100Z","receivedAt":"2026-05-15T20:53:14.016287Z"},{"id":3937,"fincertId":"FINCERT-2026-003937","incidentId":19355,"idempotencyKey":"incident-19355","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:13.849608Z","receivedAt":"2026-05-15T20:53:13.874406Z"},{"id":3936,"fincertId":"FINCERT-2026-003936","incidentId":19353,"idempotencyKey":"incident-19353","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:13.794007Z","receivedAt":"2026-05-15T20:53:13.809334Z"},{"id":3935,"fincertId":"FINCERT-2026-003935","incidentId":19349,"idempotencyKey":"incident-19349","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:13.723957Z","receivedAt":"2026-05-15T20:53:13.736372Z"},{"id":3934,"fincertId":"FINCERT-2026-003934","incidentId":19347,"idempotencyKey":"incident-19347","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:13.693523Z","receivedAt":"2026-05-15T20:53:13.704492Z"},{"id":3933,"fincertId":"FINCERT-2026-003933","incidentId":19345,"idempotencyKey":"incident-19345","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:13.660457Z","receivedAt":"2026-05-15T20:53:13.675220Z"},{"id":3932,"fincertId":"FINCERT-2026-003932","incidentId":19342,"idempotencyKey":"incident-19342","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:13.596893Z","receivedAt":"2026-05-15T20:53:13.611950Z"},{"id":3931,"fincertId":"FINCERT-2026-003931","incidentId":19340,"idempotencyKey":"incident-19340","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:13.560707Z","receivedAt":"2026-05-15T20:53:13.572337Z"},{"id":3930,"fincertId":"FINCERT-2026-003930","incidentId":19334,"idempotencyKey":"incident-19334","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:13.454782Z","receivedAt":"2026-05-15T20:53:13.477363Z"},{"id":3929,"fincertId":"FINCERT-2026-003929","incidentId":19333,"idempotencyKey":"incident-19333","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:13.428116Z","receivedAt":"2026-05-15T20:53:13.441913Z"},{"id":3928,"fincertId":"FINCERT-2026-003928","incidentId":19329,"idempotencyKey":"incident-19329","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:13.371534Z","receivedAt":"2026-05-15T20:53:13.382451Z"},{"id":3927,"fincertId":"FINCERT-2026-003927","incidentId":19328,"idempotencyKey":"incident-19328","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:13.354529Z","receivedAt":"2026-05-15T20:53:13.365859Z"},{"id":3926,"fincertId":"FINCERT-2026-003926","incidentId":19326,"idempotencyKey":"incident-19326","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:13.302483Z","receivedAt":"2026-05-15T20:53:13.321057Z"},{"id":3925,"fincertId":"FINCERT-2026-003925","incidentId":19323,"idempotencyKey":"incident-19323","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:13.235523Z","receivedAt":"2026-05-15T20:53:13.248289Z"},{"id":3924,"fincertId":"FINCERT-2026-003924","incidentId":19319,"idempotencyKey":"incident-19319","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:13.176568Z","receivedAt":"2026-05-15T20:53:13.187978Z"},{"id":3923,"fincertId":"FINCERT-2026-003923","incidentId":19316,"idempotencyKey":"incident-19316","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:13.121666Z","receivedAt":"2026-05-15T20:53:13.138419Z"},{"id":3922,"fincertId":"FINCERT-2026-003922","incidentId":19308,"idempotencyKey":"incident-19308","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:12.962461Z","receivedAt":"2026-05-15T20:53:12.985045Z"},{"id":3921,"fincertId":"FINCERT-2026-003921","incidentId":19302,"idempotencyKey":"incident-19302","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:12.870071Z","receivedAt":"2026-05-15T20:53:12.883012Z"},{"id":3920,"fincertId":"FINCERT-2026-003920","incidentId":19298,"idempotencyKey":"incident-19298","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:12.765163Z","receivedAt":"2026-05-15T20:53:12.778091Z"},{"id":3919,"fincertId":"FINCERT-2026-003919","incidentId":19297,"idempotencyKey":"incident-19297","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:12.746469Z","receivedAt":"2026-05-15T20:53:12.759107Z"},{"id":3918,"fincertId":"FINCERT-2026-003918","incidentId":19289,"idempotencyKey":"incident-19289","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:12.616888Z","receivedAt":"2026-05-15T20:53:12.640964Z"},{"id":3917,"fincertId":"FINCERT-2026-003917","incidentId":19287,"idempotencyKey":"incident-19287","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:12.580363Z","receivedAt":"2026-05-15T20:53:12.592760Z"},{"id":3916,"fincertId":"FINCERT-2026-003916","incidentId":19283,"idempotencyKey":"incident-19283","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:12.513323Z","receivedAt":"2026-05-15T20:53:12.530573Z"},{"id":3915,"fincertId":"FINCERT-2026-003915","incidentId":19274,"idempotencyKey":"incident-19274","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:12.280553Z","receivedAt":"2026-05-15T20:53:12.293424Z"},{"id":3914,"fincertId":"FINCERT-2026-003914","incidentId":19271,"idempotencyKey":"incident-19271","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:12.233514Z","receivedAt":"2026-05-15T20:53:12.245784Z"},{"id":3913,"fincertId":"FINCERT-2026-003913","incidentId":19270,"idempotencyKey":"incident-19270","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:12.212428Z","receivedAt":"2026-05-15T20:53:12.225381Z"},{"id":3912,"fincertId":"FINCERT-2026-003912","incidentId":19268,"idempotencyKey":"incident-19268","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:12.172247Z","receivedAt":"2026-05-15T20:53:12.185726Z"},{"id":3911,"fincertId":"FINCERT-2026-003911","incidentId":19261,"idempotencyKey":"incident-19261","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:12.039995Z","receivedAt":"2026-05-15T20:53:12.053391Z"},{"id":3910,"fincertId":"FINCERT-2026-003910","incidentId":19259,"idempotencyKey":"incident-19259","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:11.986991Z","receivedAt":"2026-05-15T20:53:12.002063Z"},{"id":3909,"fincertId":"FINCERT-2026-003909","incidentId":19253,"idempotencyKey":"incident-19253","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:11.885808Z","receivedAt":"2026-05-15T20:53:11.897672Z"},{"id":3908,"fincertId":"FINCERT-2026-003908","incidentId":19251,"idempotencyKey":"incident-19251","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:11.831213Z","receivedAt":"2026-05-15T20:53:11.865581Z"},{"id":3907,"fincertId":"FINCERT-2026-003907","incidentId":19250,"idempotencyKey":"incident-19250","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:11.794981Z","receivedAt":"2026-05-15T20:53:11.809445Z"},{"id":3906,"fincertId":"FINCERT-2026-003906","incidentId":19247,"idempotencyKey":"incident-19247","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:11.751242Z","receivedAt":"2026-05-15T20:53:11.762437Z"},{"id":3905,"fincertId":"FINCERT-2026-003905","incidentId":19246,"idempotencyKey":"incident-19246","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:11.732627Z","receivedAt":"2026-05-15T20:53:11.744316Z"},{"id":3904,"fincertId":"FINCERT-2026-003904","incidentId":19243,"idempotencyKey":"incident-19243","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:11.675085Z","receivedAt":"2026-05-15T20:53:11.689684Z"},{"id":3903,"fincertId":"FINCERT-2026-003903","incidentId":19236,"idempotencyKey":"incident-19236","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:11.520458Z","receivedAt":"2026-05-15T20:53:11.538110Z"},{"id":3902,"fincertId":"FINCERT-2026-003902","incidentId":19230,"idempotencyKey":"incident-19230","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:11.404782Z","receivedAt":"2026-05-15T20:53:11.417316Z"},{"id":3901,"fincertId":"FINCERT-2026-003901","incidentId":19227,"idempotencyKey":"incident-19227","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:11.353047Z","receivedAt":"2026-05-15T20:53:11.370772Z"},{"id":3900,"fincertId":"FINCERT-2026-003900","incidentId":19220,"idempotencyKey":"incident-19220","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:11.229885Z","receivedAt":"2026-05-15T20:53:11.241441Z"},{"id":3899,"fincertId":"FINCERT-2026-003899","incidentId":19214,"idempotencyKey":"incident-19214","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:11.106874Z","receivedAt":"2026-05-15T20:53:11.121666Z"},{"id":3898,"fincertId":"FINCERT-2026-003898","incidentId":19211,"idempotencyKey":"incident-19211","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:11.055678Z","receivedAt":"2026-05-15T20:53:11.067203Z"},{"id":3897,"fincertId":"FINCERT-2026-003897","incidentId":19210,"idempotencyKey":"incident-19210","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:11.029988Z","receivedAt":"2026-05-15T20:53:11.041739Z"},{"id":3896,"fincertId":"FINCERT-2026-003896","incidentId":19206,"idempotencyKey":"incident-19206","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:10.963344Z","receivedAt":"2026-05-15T20:53:10.981112Z"},{"id":3895,"fincertId":"FINCERT-2026-003895","incidentId":19201,"idempotencyKey":"incident-19201","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:10.883787Z","receivedAt":"2026-05-15T20:53:10.899605Z"},{"id":3894,"fincertId":"FINCERT-2026-003894","incidentId":19200,"idempotencyKey":"incident-19200","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:10.842551Z","receivedAt":"2026-05-15T20:53:10.873958Z"},{"id":3893,"fincertId":"FINCERT-2026-003893","incidentId":19199,"idempotencyKey":"incident-19199","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:10.806048Z","receivedAt":"2026-05-15T20:53:10.823572Z"},{"id":3892,"fincertId":"FINCERT-2026-003892","incidentId":19193,"idempotencyKey":"incident-19193","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:10.698963Z","receivedAt":"2026-05-15T20:53:10.712632Z"},{"id":3891,"fincertId":"FINCERT-2026-003891","incidentId":19191,"idempotencyKey":"incident-19191","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:10.655772Z","receivedAt":"2026-05-15T20:53:10.671304Z"},{"id":3890,"fincertId":"FINCERT-2026-003890","incidentId":19179,"idempotencyKey":"incident-19179","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:10.380527Z","receivedAt":"2026-05-15T20:53:10.395292Z"},{"id":3889,"fincertId":"FINCERT-2026-003889","incidentId":19178,"idempotencyKey":"incident-19178","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:10.339074Z","receivedAt":"2026-05-15T20:53:10.355735Z"},{"id":3888,"fincertId":"FINCERT-2026-003888","incidentId":19174,"idempotencyKey":"incident-19174","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:10.244554Z","receivedAt":"2026-05-15T20:53:10.257335Z"},{"id":3887,"fincertId":"FINCERT-2026-003887","incidentId":19167,"idempotencyKey":"incident-19167","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:10.097432Z","receivedAt":"2026-05-15T20:53:10.114426Z"},{"id":3886,"fincertId":"FINCERT-2026-003886","incidentId":19160,"idempotencyKey":"incident-19160","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:09.913622Z","receivedAt":"2026-05-15T20:53:09.931435Z"},{"id":3885,"fincertId":"FINCERT-2026-003885","incidentId":19158,"idempotencyKey":"incident-19158","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:09.840109Z","receivedAt":"2026-05-15T20:53:09.867082Z"},{"id":3884,"fincertId":"FINCERT-2026-003884","incidentId":19157,"idempotencyKey":"incident-19157","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:09.792696Z","receivedAt":"2026-05-15T20:53:09.812410Z"},{"id":3883,"fincertId":"FINCERT-2026-003883","incidentId":19156,"idempotencyKey":"incident-19156","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:09.769861Z","receivedAt":"2026-05-15T20:53:09.782552Z"},{"id":3882,"fincertId":"FINCERT-2026-003882","incidentId":19150,"idempotencyKey":"incident-19150","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:09.671907Z","receivedAt":"2026-05-15T20:53:09.687100Z"},{"id":3881,"fincertId":"FINCERT-2026-003881","incidentId":19149,"idempotencyKey":"incident-19149","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:09.647425Z","receivedAt":"2026-05-15T20:53:09.665237Z"},{"id":3880,"fincertId":"FINCERT-2026-003880","incidentId":19146,"idempotencyKey":"incident-19146","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:09.576538Z","receivedAt":"2026-05-15T20:53:09.592827Z"},{"id":3879,"fincertId":"FINCERT-2026-003879","incidentId":19145,"idempotencyKey":"incident-19145","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:09.550841Z","receivedAt":"2026-05-15T20:53:09.562943Z"},{"id":3878,"fincertId":"FINCERT-2026-003878","incidentId":19144,"idempotencyKey":"incident-19144","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:09.522862Z","receivedAt":"2026-05-15T20:53:09.536748Z"},{"id":3877,"fincertId":"FINCERT-2026-003877","incidentId":19143,"idempotencyKey":"incident-19143","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:09.490461Z","receivedAt":"2026-05-15T20:53:09.510104Z"},{"id":3876,"fincertId":"FINCERT-2026-003876","incidentId":19137,"idempotencyKey":"incident-19137","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:09.380542Z","receivedAt":"2026-05-15T20:53:09.394050Z"},{"id":3875,"fincertId":"FINCERT-2026-003875","incidentId":19132,"idempotencyKey":"incident-19132","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:09.286498Z","receivedAt":"2026-05-15T20:53:09.298570Z"},{"id":3874,"fincertId":"FINCERT-2026-003874","incidentId":19128,"idempotencyKey":"incident-19128","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:09.213076Z","receivedAt":"2026-05-15T20:53:09.228244Z"},{"id":3873,"fincertId":"FINCERT-2026-003873","incidentId":19125,"idempotencyKey":"incident-19125","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:09.149782Z","receivedAt":"2026-05-15T20:53:09.171476Z"},{"id":3872,"fincertId":"FINCERT-2026-003872","incidentId":19123,"idempotencyKey":"incident-19123","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:09.085797Z","receivedAt":"2026-05-15T20:53:09.105131Z"},{"id":3871,"fincertId":"FINCERT-2026-003871","incidentId":19117,"idempotencyKey":"incident-19117","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:08.943717Z","receivedAt":"2026-05-15T20:53:08.958931Z"},{"id":3870,"fincertId":"FINCERT-2026-003870","incidentId":19109,"idempotencyKey":"incident-19109","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:08.806961Z","receivedAt":"2026-05-15T20:53:08.830842Z"},{"id":3869,"fincertId":"FINCERT-2026-003869","incidentId":19106,"idempotencyKey":"incident-19106","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:08.757902Z","receivedAt":"2026-05-15T20:53:08.769519Z"},{"id":3868,"fincertId":"FINCERT-2026-003868","incidentId":19103,"idempotencyKey":"incident-19103","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:08.703070Z","receivedAt":"2026-05-15T20:53:08.716893Z"},{"id":3867,"fincertId":"FINCERT-2026-003867","incidentId":19091,"idempotencyKey":"incident-19091","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:08.476494Z","receivedAt":"2026-05-15T20:53:08.496130Z"},{"id":3866,"fincertId":"FINCERT-2026-003866","incidentId":19088,"idempotencyKey":"incident-19088","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:08.422990Z","receivedAt":"2026-05-15T20:53:08.434808Z"},{"id":3865,"fincertId":"FINCERT-2026-003865","incidentId":19084,"idempotencyKey":"incident-19084","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:08.352384Z","receivedAt":"2026-05-15T20:53:08.371897Z"},{"id":3864,"fincertId":"FINCERT-2026-003864","incidentId":19082,"idempotencyKey":"incident-19082","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:08.298690Z","receivedAt":"2026-05-15T20:53:08.313823Z"},{"id":3863,"fincertId":"FINCERT-2026-003863","incidentId":19081,"idempotencyKey":"incident-19081","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:08.279573Z","receivedAt":"2026-05-15T20:53:08.292561Z"},{"id":3862,"fincertId":"FINCERT-2026-003862","incidentId":19077,"idempotencyKey":"incident-19077","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:08.217205Z","receivedAt":"2026-05-15T20:53:08.230642Z"},{"id":3861,"fincertId":"FINCERT-2026-003861","incidentId":19073,"idempotencyKey":"incident-19073","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:08.160868Z","receivedAt":"2026-05-15T20:53:08.171707Z"},{"id":3860,"fincertId":"FINCERT-2026-003860","incidentId":19062,"idempotencyKey":"incident-19062","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:07.967254Z","receivedAt":"2026-05-15T20:53:07.996339Z"},{"id":3859,"fincertId":"FINCERT-2026-003859","incidentId":19053,"idempotencyKey":"incident-19053","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:07.782367Z","receivedAt":"2026-05-15T20:53:07.797149Z"},{"id":3858,"fincertId":"FINCERT-2026-003858","incidentId":19052,"idempotencyKey":"incident-19052","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:07.742929Z","receivedAt":"2026-05-15T20:53:07.759590Z"},{"id":3857,"fincertId":"FINCERT-2026-003857","incidentId":19045,"idempotencyKey":"incident-19045","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:07.585643Z","receivedAt":"2026-05-15T20:53:07.605588Z"},{"id":3856,"fincertId":"FINCERT-2026-003856","incidentId":19044,"idempotencyKey":"incident-19044","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:07.555934Z","receivedAt":"2026-05-15T20:53:07.575525Z"},{"id":3855,"fincertId":"FINCERT-2026-003855","incidentId":19042,"idempotencyKey":"incident-19042","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:07.490420Z","receivedAt":"2026-05-15T20:53:07.519980Z"},{"id":3854,"fincertId":"FINCERT-2026-003854","incidentId":19041,"idempotencyKey":"incident-19041","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:07.451032Z","receivedAt":"2026-05-15T20:53:07.474360Z"},{"id":3853,"fincertId":"FINCERT-2026-003853","incidentId":19034,"idempotencyKey":"incident-19034","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:07.280349Z","receivedAt":"2026-05-15T20:53:07.294563Z"},{"id":3852,"fincertId":"FINCERT-2026-003852","incidentId":19029,"idempotencyKey":"incident-19029","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:07.176151Z","receivedAt":"2026-05-15T20:53:07.191414Z"},{"id":3851,"fincertId":"FINCERT-2026-003851","incidentId":19028,"idempotencyKey":"incident-19028","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:07.127305Z","receivedAt":"2026-05-15T20:53:07.150607Z"},{"id":3850,"fincertId":"FINCERT-2026-003850","incidentId":19027,"idempotencyKey":"incident-19027","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:07.087729Z","receivedAt":"2026-05-15T20:53:07.112163Z"},{"id":3849,"fincertId":"FINCERT-2026-003849","incidentId":19025,"idempotencyKey":"incident-19025","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:07.013113Z","receivedAt":"2026-05-15T20:53:07.043731Z"},{"id":3848,"fincertId":"FINCERT-2026-003848","incidentId":19021,"idempotencyKey":"incident-19021","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:06.912112Z","receivedAt":"2026-05-15T20:53:06.923863Z"},{"id":3847,"fincertId":"FINCERT-2026-003847","incidentId":19011,"idempotencyKey":"incident-19011","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:06.689641Z","receivedAt":"2026-05-15T20:53:06.702339Z"},{"id":3846,"fincertId":"FINCERT-2026-003846","incidentId":19010,"idempotencyKey":"incident-19010","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:06.656481Z","receivedAt":"2026-05-15T20:53:06.674718Z"},{"id":3845,"fincertId":"FINCERT-2026-003845","incidentId":19007,"idempotencyKey":"incident-19007","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:06.584080Z","receivedAt":"2026-05-15T20:53:06.598782Z"},{"id":3844,"fincertId":"FINCERT-2026-003844","incidentId":19006,"idempotencyKey":"incident-19006","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:06.554494Z","receivedAt":"2026-05-15T20:53:06.566606Z"},{"id":3843,"fincertId":"FINCERT-2026-003843","incidentId":19002,"idempotencyKey":"incident-19002","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:06.459997Z","receivedAt":"2026-05-15T20:53:06.479989Z"},{"id":3842,"fincertId":"FINCERT-2026-003842","incidentId":18997,"idempotencyKey":"incident-18997","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:06.374789Z","receivedAt":"2026-05-15T20:53:06.388897Z"},{"id":3841,"fincertId":"FINCERT-2026-003841","incidentId":18995,"idempotencyKey":"incident-18995","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:06.338972Z","receivedAt":"2026-05-15T20:53:06.354405Z"},{"id":3840,"fincertId":"FINCERT-2026-003840","incidentId":18989,"idempotencyKey":"incident-18989","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:06.229668Z","receivedAt":"2026-05-15T20:53:06.246676Z"},{"id":3839,"fincertId":"FINCERT-2026-003839","incidentId":18974,"idempotencyKey":"incident-18974","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:05.915111Z","receivedAt":"2026-05-15T20:53:05.927995Z"},{"id":3838,"fincertId":"FINCERT-2026-003838","incidentId":18971,"idempotencyKey":"incident-18971","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:05.798593Z","receivedAt":"2026-05-15T20:53:05.820390Z"},{"id":3837,"fincertId":"FINCERT-2026-003837","incidentId":18964,"idempotencyKey":"incident-18964","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:05.678377Z","receivedAt":"2026-05-15T20:53:05.692029Z"},{"id":3836,"fincertId":"FINCERT-2026-003836","incidentId":18960,"idempotencyKey":"incident-18960","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:05.598967Z","receivedAt":"2026-05-15T20:53:05.618007Z"},{"id":3835,"fincertId":"FINCERT-2026-003835","incidentId":18955,"idempotencyKey":"incident-18955","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:05.515405Z","receivedAt":"2026-05-15T20:53:05.528696Z"},{"id":3834,"fincertId":"FINCERT-2026-003834","incidentId":18954,"idempotencyKey":"incident-18954","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:05.492796Z","receivedAt":"2026-05-15T20:53:05.507505Z"},{"id":3833,"fincertId":"FINCERT-2026-003833","incidentId":18942,"idempotencyKey":"incident-18942","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:05.259998Z","receivedAt":"2026-05-15T20:53:05.275538Z"},{"id":3832,"fincertId":"FINCERT-2026-003832","incidentId":18941,"idempotencyKey":"incident-18941","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:05.235688Z","receivedAt":"2026-05-15T20:53:05.251989Z"},{"id":3831,"fincertId":"FINCERT-2026-003831","incidentId":18928,"idempotencyKey":"incident-18928","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:05.021089Z","receivedAt":"2026-05-15T20:53:05.033602Z"},{"id":3830,"fincertId":"FINCERT-2026-003830","incidentId":18927,"idempotencyKey":"incident-18927","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:05.001926Z","receivedAt":"2026-05-15T20:53:05.015115Z"},{"id":3829,"fincertId":"FINCERT-2026-003829","incidentId":18922,"idempotencyKey":"incident-18922","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:04.908234Z","receivedAt":"2026-05-15T20:53:04.920237Z"},{"id":3828,"fincertId":"FINCERT-2026-003828","incidentId":18916,"idempotencyKey":"incident-18916","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:04.793788Z","receivedAt":"2026-05-15T20:53:04.810962Z"},{"id":3827,"fincertId":"FINCERT-2026-003827","incidentId":18914,"idempotencyKey":"incident-18914","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:04.762146Z","receivedAt":"2026-05-15T20:53:04.773506Z"},{"id":3826,"fincertId":"FINCERT-2026-003826","incidentId":18908,"idempotencyKey":"incident-18908","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:04.677212Z","receivedAt":"2026-05-15T20:53:04.687379Z"},{"id":3825,"fincertId":"FINCERT-2026-003825","incidentId":18907,"idempotencyKey":"incident-18907","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:04.660658Z","receivedAt":"2026-05-15T20:53:04.671848Z"},{"id":3824,"fincertId":"FINCERT-2026-003824","incidentId":18901,"idempotencyKey":"incident-18901","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:04.558423Z","receivedAt":"2026-05-15T20:53:04.569780Z"},{"id":3823,"fincertId":"FINCERT-2026-003823","incidentId":18898,"idempotencyKey":"incident-18898","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:04.505013Z","receivedAt":"2026-05-15T20:53:04.517866Z"},{"id":3822,"fincertId":"FINCERT-2026-003822","incidentId":18894,"idempotencyKey":"incident-18894","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:04.414541Z","receivedAt":"2026-05-15T20:53:04.428360Z"},{"id":3821,"fincertId":"FINCERT-2026-003821","incidentId":18891,"idempotencyKey":"incident-18891","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:04.361001Z","receivedAt":"2026-05-15T20:53:04.374444Z"},{"id":3820,"fincertId":"FINCERT-2026-003820","incidentId":18887,"idempotencyKey":"incident-18887","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:04.278561Z","receivedAt":"2026-05-15T20:53:04.291065Z"},{"id":3819,"fincertId":"FINCERT-2026-003819","incidentId":18886,"idempotencyKey":"incident-18886","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:04.254705Z","receivedAt":"2026-05-15T20:53:04.266624Z"},{"id":3818,"fincertId":"FINCERT-2026-003818","incidentId":18882,"idempotencyKey":"incident-18882","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:04.188466Z","receivedAt":"2026-05-15T20:53:04.201515Z"},{"id":3817,"fincertId":"FINCERT-2026-003817","incidentId":18880,"idempotencyKey":"incident-18880","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:04.153684Z","receivedAt":"2026-05-15T20:53:04.166793Z"},{"id":3816,"fincertId":"FINCERT-2026-003816","incidentId":18871,"idempotencyKey":"incident-18871","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:04.014225Z","receivedAt":"2026-05-15T20:53:04.027549Z"},{"id":3815,"fincertId":"FINCERT-2026-003815","incidentId":18869,"idempotencyKey":"incident-18869","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:03.958841Z","receivedAt":"2026-05-15T20:53:03.978894Z"},{"id":3814,"fincertId":"FINCERT-2026-003814","incidentId":18868,"idempotencyKey":"incident-18868","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:03.931505Z","receivedAt":"2026-05-15T20:53:03.943374Z"},{"id":3813,"fincertId":"FINCERT-2026-003813","incidentId":18865,"idempotencyKey":"incident-18865","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:03.885729Z","receivedAt":"2026-05-15T20:53:03.897492Z"},{"id":3812,"fincertId":"FINCERT-2026-003812","incidentId":18862,"idempotencyKey":"incident-18862","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:03.822244Z","receivedAt":"2026-05-15T20:53:03.847006Z"},{"id":3811,"fincertId":"FINCERT-2026-003811","incidentId":18861,"idempotencyKey":"incident-18861","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:03.784014Z","receivedAt":"2026-05-15T20:53:03.796613Z"},{"id":3810,"fincertId":"FINCERT-2026-003810","incidentId":18853,"idempotencyKey":"incident-18853","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:03.662385Z","receivedAt":"2026-05-15T20:53:03.675057Z"},{"id":3809,"fincertId":"FINCERT-2026-003809","incidentId":18850,"idempotencyKey":"incident-18850","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:03.605435Z","receivedAt":"2026-05-15T20:53:03.623952Z"},{"id":3808,"fincertId":"FINCERT-2026-003808","incidentId":18845,"idempotencyKey":"incident-18845","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:03.504129Z","receivedAt":"2026-05-15T20:53:03.535471Z"},{"id":3807,"fincertId":"FINCERT-2026-003807","incidentId":18844,"idempotencyKey":"incident-18844","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:03.456366Z","receivedAt":"2026-05-15T20:53:03.487313Z"},{"id":3806,"fincertId":"FINCERT-2026-003806","incidentId":18841,"idempotencyKey":"incident-18841","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:03.401128Z","receivedAt":"2026-05-15T20:53:03.414016Z"},{"id":3805,"fincertId":"FINCERT-2026-003805","incidentId":18838,"idempotencyKey":"incident-18838","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:03.312783Z","receivedAt":"2026-05-15T20:53:03.351365Z"},{"id":3804,"fincertId":"FINCERT-2026-003804","incidentId":18835,"idempotencyKey":"incident-18835","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:03.231869Z","receivedAt":"2026-05-15T20:53:03.248549Z"},{"id":3803,"fincertId":"FINCERT-2026-003803","incidentId":18830,"idempotencyKey":"incident-18830","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:03.095559Z","receivedAt":"2026-05-15T20:53:03.113250Z"},{"id":3802,"fincertId":"FINCERT-2026-003802","incidentId":18828,"idempotencyKey":"incident-18828","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:03.061795Z","receivedAt":"2026-05-15T20:53:03.074322Z"},{"id":3801,"fincertId":"FINCERT-2026-003801","incidentId":18827,"idempotencyKey":"incident-18827","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:03.043616Z","receivedAt":"2026-05-15T20:53:03.055316Z"},{"id":3800,"fincertId":"FINCERT-2026-003800","incidentId":18818,"idempotencyKey":"incident-18818","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:02.864074Z","receivedAt":"2026-05-15T20:53:02.877572Z"},{"id":3799,"fincertId":"FINCERT-2026-003799","incidentId":18817,"idempotencyKey":"incident-18817","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:02.822024Z","receivedAt":"2026-05-15T20:53:02.847227Z"},{"id":3798,"fincertId":"FINCERT-2026-003798","incidentId":18816,"idempotencyKey":"incident-18816","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:02.795156Z","receivedAt":"2026-05-15T20:53:02.814372Z"},{"id":3797,"fincertId":"FINCERT-2026-003797","incidentId":18812,"idempotencyKey":"incident-18812","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:02.726346Z","receivedAt":"2026-05-15T20:53:02.739961Z"},{"id":3796,"fincertId":"FINCERT-2026-003796","incidentId":18810,"idempotencyKey":"incident-18810","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:02.692776Z","receivedAt":"2026-05-15T20:53:02.705856Z"},{"id":3795,"fincertId":"FINCERT-2026-003795","incidentId":18806,"idempotencyKey":"incident-18806","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:02.619253Z","receivedAt":"2026-05-15T20:53:02.640589Z"},{"id":3794,"fincertId":"FINCERT-2026-003794","incidentId":18801,"idempotencyKey":"incident-18801","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:02.527839Z","receivedAt":"2026-05-15T20:53:02.542142Z"},{"id":3793,"fincertId":"FINCERT-2026-003793","incidentId":18797,"idempotencyKey":"incident-18797","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:02.434498Z","receivedAt":"2026-05-15T20:53:02.447909Z"},{"id":3792,"fincertId":"FINCERT-2026-003792","incidentId":18795,"idempotencyKey":"incident-18795","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:02.400606Z","receivedAt":"2026-05-15T20:53:02.413543Z"},{"id":3791,"fincertId":"FINCERT-2026-003791","incidentId":18794,"idempotencyKey":"incident-18794","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:02.379969Z","receivedAt":"2026-05-15T20:53:02.393299Z"},{"id":3790,"fincertId":"FINCERT-2026-003790","incidentId":18791,"idempotencyKey":"incident-18791","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:02.291530Z","receivedAt":"2026-05-15T20:53:02.308459Z"},{"id":3789,"fincertId":"FINCERT-2026-003789","incidentId":18790,"idempotencyKey":"incident-18790","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:02.270122Z","receivedAt":"2026-05-15T20:53:02.283626Z"},{"id":3788,"fincertId":"FINCERT-2026-003788","incidentId":18789,"idempotencyKey":"incident-18789","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:02.233696Z","receivedAt":"2026-05-15T20:53:02.253813Z"},{"id":3787,"fincertId":"FINCERT-2026-003787","incidentId":18784,"idempotencyKey":"incident-18784","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:02.141965Z","receivedAt":"2026-05-15T20:53:02.157413Z"},{"id":3786,"fincertId":"FINCERT-2026-003786","incidentId":18783,"idempotencyKey":"incident-18783","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:02.109212Z","receivedAt":"2026-05-15T20:53:02.132636Z"},{"id":3785,"fincertId":"FINCERT-2026-003785","incidentId":18779,"idempotencyKey":"incident-18779","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:02.025620Z","receivedAt":"2026-05-15T20:53:02.041742Z"},{"id":3784,"fincertId":"FINCERT-2026-003784","incidentId":18777,"idempotencyKey":"incident-18777","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:01.973817Z","receivedAt":"2026-05-15T20:53:01.997137Z"},{"id":3783,"fincertId":"FINCERT-2026-003783","incidentId":18776,"idempotencyKey":"incident-18776","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:01.947759Z","receivedAt":"2026-05-15T20:53:01.966802Z"},{"id":3782,"fincertId":"FINCERT-2026-003782","incidentId":18773,"idempotencyKey":"incident-18773","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:01.898397Z","receivedAt":"2026-05-15T20:53:01.912082Z"},{"id":3781,"fincertId":"FINCERT-2026-003781","incidentId":18768,"idempotencyKey":"incident-18768","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:01.788109Z","receivedAt":"2026-05-15T20:53:01.799783Z"},{"id":3780,"fincertId":"FINCERT-2026-003780","incidentId":18766,"idempotencyKey":"incident-18766","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:01.744106Z","receivedAt":"2026-05-15T20:53:01.759373Z"},{"id":3779,"fincertId":"FINCERT-2026-003779","incidentId":18760,"idempotencyKey":"incident-18760","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:01.571984Z","receivedAt":"2026-05-15T20:53:01.587052Z"},{"id":3778,"fincertId":"FINCERT-2026-003778","incidentId":18759,"idempotencyKey":"incident-18759","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:01.546604Z","receivedAt":"2026-05-15T20:53:01.559478Z"},{"id":3777,"fincertId":"FINCERT-2026-003777","incidentId":18757,"idempotencyKey":"incident-18757","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:01.512168Z","receivedAt":"2026-05-15T20:53:01.525027Z"},{"id":3776,"fincertId":"FINCERT-2026-003776","incidentId":18756,"idempotencyKey":"incident-18756","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:01.490828Z","receivedAt":"2026-05-15T20:53:01.504730Z"},{"id":3775,"fincertId":"FINCERT-2026-003775","incidentId":18753,"idempotencyKey":"incident-18753","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:01.424566Z","receivedAt":"2026-05-15T20:53:01.439401Z"},{"id":3774,"fincertId":"FINCERT-2026-003774","incidentId":18751,"idempotencyKey":"incident-18751","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:01.385744Z","receivedAt":"2026-05-15T20:53:01.398622Z"},{"id":3773,"fincertId":"FINCERT-2026-003773","incidentId":18750,"idempotencyKey":"incident-18750","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:01.357365Z","receivedAt":"2026-05-15T20:53:01.371320Z"},{"id":3772,"fincertId":"FINCERT-2026-003772","incidentId":18749,"idempotencyKey":"incident-18749","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:01.329641Z","receivedAt":"2026-05-15T20:53:01.351125Z"},{"id":3771,"fincertId":"FINCERT-2026-003771","incidentId":18745,"idempotencyKey":"incident-18745","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:01.255338Z","receivedAt":"2026-05-15T20:53:01.267048Z"},{"id":3770,"fincertId":"FINCERT-2026-003770","incidentId":18743,"idempotencyKey":"incident-18743","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:01.208447Z","receivedAt":"2026-05-15T20:53:01.224589Z"},{"id":3769,"fincertId":"FINCERT-2026-003769","incidentId":18739,"idempotencyKey":"incident-18739","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:01.139090Z","receivedAt":"2026-05-15T20:53:01.152706Z"},{"id":3768,"fincertId":"FINCERT-2026-003768","incidentId":18730,"idempotencyKey":"incident-18730","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:00.975552Z","receivedAt":"2026-05-15T20:53:00.999095Z"},{"id":3767,"fincertId":"FINCERT-2026-003767","incidentId":18726,"idempotencyKey":"incident-18726","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:00.857665Z","receivedAt":"2026-05-15T20:53:00.887355Z"},{"id":3766,"fincertId":"FINCERT-2026-003766","incidentId":18720,"idempotencyKey":"incident-18720","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:00.719042Z","receivedAt":"2026-05-15T20:53:00.737477Z"},{"id":3765,"fincertId":"FINCERT-2026-003765","incidentId":18717,"idempotencyKey":"incident-18717","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:00.654606Z","receivedAt":"2026-05-15T20:53:00.674741Z"},{"id":3764,"fincertId":"FINCERT-2026-003764","incidentId":18716,"idempotencyKey":"incident-18716","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:53:00.622895Z","receivedAt":"2026-05-15T20:53:00.645329Z"},{"id":3763,"fincertId":"FINCERT-2026-003763","incidentId":18713,"idempotencyKey":"incident-18713","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:00.561369Z","receivedAt":"2026-05-15T20:53:00.574282Z"},{"id":3762,"fincertId":"FINCERT-2026-003762","incidentId":18712,"idempotencyKey":"incident-18712","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:53:00.540404Z","receivedAt":"2026-05-15T20:53:00.554466Z"},{"id":3761,"fincertId":"FINCERT-2026-003761","incidentId":18705,"idempotencyKey":"incident-18705","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:53:00.410874Z","receivedAt":"2026-05-15T20:53:00.423967Z"},{"id":3760,"fincertId":"FINCERT-2026-003760","incidentId":18701,"idempotencyKey":"incident-18701","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:53:00.311870Z","receivedAt":"2026-05-15T20:53:00.338050Z"},{"id":3759,"fincertId":"FINCERT-2026-003759","incidentId":18698,"idempotencyKey":"incident-18698","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:53:00.228612Z","receivedAt":"2026-05-15T20:53:00.258812Z"},{"id":3758,"fincertId":"FINCERT-2026-003758","incidentId":18693,"idempotencyKey":"incident-18693","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:53:00.062628Z","receivedAt":"2026-05-15T20:53:00.077575Z"},{"id":3757,"fincertId":"FINCERT-2026-003757","incidentId":18684,"idempotencyKey":"incident-18684","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:59.862070Z","receivedAt":"2026-05-15T20:52:59.879077Z"},{"id":3756,"fincertId":"FINCERT-2026-003756","incidentId":18675,"idempotencyKey":"incident-18675","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:59.623314Z","receivedAt":"2026-05-15T20:52:59.666863Z"},{"id":3755,"fincertId":"FINCERT-2026-003755","incidentId":18664,"idempotencyKey":"incident-18664","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:59.423787Z","receivedAt":"2026-05-15T20:52:59.435392Z"},{"id":3754,"fincertId":"FINCERT-2026-003754","incidentId":18663,"idempotencyKey":"incident-18663","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:59.404499Z","receivedAt":"2026-05-15T20:52:59.417676Z"},{"id":3753,"fincertId":"FINCERT-2026-003753","incidentId":18661,"idempotencyKey":"incident-18661","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:59.369601Z","receivedAt":"2026-05-15T20:52:59.381986Z"},{"id":3752,"fincertId":"FINCERT-2026-003752","incidentId":18657,"idempotencyKey":"incident-18657","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:59.286639Z","receivedAt":"2026-05-15T20:52:59.300128Z"},{"id":3751,"fincertId":"FINCERT-2026-003751","incidentId":18656,"idempotencyKey":"incident-18656","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:59.267988Z","receivedAt":"2026-05-15T20:52:59.280116Z"},{"id":3750,"fincertId":"FINCERT-2026-003750","incidentId":18654,"idempotencyKey":"incident-18654","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:59.221408Z","receivedAt":"2026-05-15T20:52:59.236309Z"},{"id":3749,"fincertId":"FINCERT-2026-003749","incidentId":18649,"idempotencyKey":"incident-18649","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:59.126571Z","receivedAt":"2026-05-15T20:52:59.147279Z"},{"id":3748,"fincertId":"FINCERT-2026-003748","incidentId":18633,"idempotencyKey":"incident-18633","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:58.807760Z","receivedAt":"2026-05-15T20:52:58.833598Z"},{"id":3747,"fincertId":"FINCERT-2026-003747","incidentId":18629,"idempotencyKey":"incident-18629","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:58.731467Z","receivedAt":"2026-05-15T20:52:58.747499Z"},{"id":3746,"fincertId":"FINCERT-2026-003746","incidentId":18628,"idempotencyKey":"incident-18628","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:58.701717Z","receivedAt":"2026-05-15T20:52:58.716771Z"},{"id":3745,"fincertId":"FINCERT-2026-003745","incidentId":18626,"idempotencyKey":"incident-18626","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:58.655995Z","receivedAt":"2026-05-15T20:52:58.669358Z"},{"id":3744,"fincertId":"FINCERT-2026-003744","incidentId":18623,"idempotencyKey":"incident-18623","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:58.591583Z","receivedAt":"2026-05-15T20:52:58.609003Z"},{"id":3743,"fincertId":"FINCERT-2026-003743","incidentId":18621,"idempotencyKey":"incident-18621","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:58.546792Z","receivedAt":"2026-05-15T20:52:58.559617Z"},{"id":3742,"fincertId":"FINCERT-2026-003742","incidentId":18615,"idempotencyKey":"incident-18615","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:58.398355Z","receivedAt":"2026-05-15T20:52:58.412705Z"},{"id":3741,"fincertId":"FINCERT-2026-003741","incidentId":18607,"idempotencyKey":"incident-18607","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:58.242608Z","receivedAt":"2026-05-15T20:52:58.257715Z"},{"id":3740,"fincertId":"FINCERT-2026-003740","incidentId":18606,"idempotencyKey":"incident-18606","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:58.193580Z","receivedAt":"2026-05-15T20:52:58.221652Z"},{"id":3739,"fincertId":"FINCERT-2026-003739","incidentId":18602,"idempotencyKey":"incident-18602","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:58.076580Z","receivedAt":"2026-05-15T20:52:58.093568Z"},{"id":3738,"fincertId":"FINCERT-2026-003738","incidentId":18599,"idempotencyKey":"incident-18599","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:58.008460Z","receivedAt":"2026-05-15T20:52:58.028077Z"},{"id":3737,"fincertId":"FINCERT-2026-003737","incidentId":18598,"idempotencyKey":"incident-18598","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:57.964672Z","receivedAt":"2026-05-15T20:52:57.987956Z"},{"id":3736,"fincertId":"FINCERT-2026-003736","incidentId":18594,"idempotencyKey":"incident-18594","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:57.884076Z","receivedAt":"2026-05-15T20:52:57.897472Z"},{"id":3735,"fincertId":"FINCERT-2026-003735","incidentId":18593,"idempotencyKey":"incident-18593","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:57.858681Z","receivedAt":"2026-05-15T20:52:57.876893Z"},{"id":3734,"fincertId":"FINCERT-2026-003734","incidentId":18590,"idempotencyKey":"incident-18590","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:57.792750Z","receivedAt":"2026-05-15T20:52:57.806824Z"},{"id":3733,"fincertId":"FINCERT-2026-003733","incidentId":18586,"idempotencyKey":"incident-18586","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:57.716092Z","receivedAt":"2026-05-15T20:52:57.729956Z"},{"id":3732,"fincertId":"FINCERT-2026-003732","incidentId":18584,"idempotencyKey":"incident-18584","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:57.679822Z","receivedAt":"2026-05-15T20:52:57.692776Z"},{"id":3731,"fincertId":"FINCERT-2026-003731","incidentId":18583,"idempotencyKey":"incident-18583","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:57.649858Z","receivedAt":"2026-05-15T20:52:57.665756Z"},{"id":3730,"fincertId":"FINCERT-2026-003730","incidentId":18582,"idempotencyKey":"incident-18582","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:57.622074Z","receivedAt":"2026-05-15T20:52:57.641889Z"},{"id":3729,"fincertId":"FINCERT-2026-003729","incidentId":18579,"idempotencyKey":"incident-18579","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:57.565317Z","receivedAt":"2026-05-15T20:52:57.579055Z"},{"id":3728,"fincertId":"FINCERT-2026-003728","incidentId":18572,"idempotencyKey":"incident-18572","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:57.438231Z","receivedAt":"2026-05-15T20:52:57.450728Z"},{"id":3727,"fincertId":"FINCERT-2026-003727","incidentId":18562,"idempotencyKey":"incident-18562","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:57.239483Z","receivedAt":"2026-05-15T20:52:57.251800Z"},{"id":3726,"fincertId":"FINCERT-2026-003726","incidentId":18561,"idempotencyKey":"incident-18561","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:57.218777Z","receivedAt":"2026-05-15T20:52:57.232546Z"},{"id":3725,"fincertId":"FINCERT-2026-003725","incidentId":18558,"idempotencyKey":"incident-18558","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:57.164883Z","receivedAt":"2026-05-15T20:52:57.177691Z"},{"id":3724,"fincertId":"FINCERT-2026-003724","incidentId":18554,"idempotencyKey":"incident-18554","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:57.088958Z","receivedAt":"2026-05-15T20:52:57.102939Z"},{"id":3723,"fincertId":"FINCERT-2026-003723","incidentId":18552,"idempotencyKey":"incident-18552","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:57.054358Z","receivedAt":"2026-05-15T20:52:57.068549Z"},{"id":3722,"fincertId":"FINCERT-2026-003722","incidentId":18546,"idempotencyKey":"incident-18546","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:56.921562Z","receivedAt":"2026-05-15T20:52:56.933730Z"},{"id":3721,"fincertId":"FINCERT-2026-003721","incidentId":18544,"idempotencyKey":"incident-18544","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:56.884032Z","receivedAt":"2026-05-15T20:52:56.896946Z"},{"id":3720,"fincertId":"FINCERT-2026-003720","incidentId":18543,"idempotencyKey":"incident-18543","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:56.859248Z","receivedAt":"2026-05-15T20:52:56.875779Z"},{"id":3719,"fincertId":"FINCERT-2026-003719","incidentId":18541,"idempotencyKey":"incident-18541","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:56.788940Z","receivedAt":"2026-05-15T20:52:56.803086Z"},{"id":3718,"fincertId":"FINCERT-2026-003718","incidentId":18538,"idempotencyKey":"incident-18538","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:56.738674Z","receivedAt":"2026-05-15T20:52:56.752086Z"},{"id":3717,"fincertId":"FINCERT-2026-003717","incidentId":18537,"idempotencyKey":"incident-18537","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:56.717864Z","receivedAt":"2026-05-15T20:52:56.731748Z"},{"id":3716,"fincertId":"FINCERT-2026-003716","incidentId":18531,"idempotencyKey":"incident-18531","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:56.587055Z","receivedAt":"2026-05-15T20:52:56.599422Z"},{"id":3715,"fincertId":"FINCERT-2026-003715","incidentId":18526,"idempotencyKey":"incident-18526","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:56.505040Z","receivedAt":"2026-05-15T20:52:56.517492Z"},{"id":3714,"fincertId":"FINCERT-2026-003714","incidentId":18524,"idempotencyKey":"incident-18524","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:56.459073Z","receivedAt":"2026-05-15T20:52:56.479218Z"},{"id":3713,"fincertId":"FINCERT-2026-003713","incidentId":18523,"idempotencyKey":"incident-18523","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:56.434815Z","receivedAt":"2026-05-15T20:52:56.451054Z"},{"id":3712,"fincertId":"FINCERT-2026-003712","incidentId":18519,"idempotencyKey":"incident-18519","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:56.370074Z","receivedAt":"2026-05-15T20:52:56.382729Z"},{"id":3711,"fincertId":"FINCERT-2026-003711","incidentId":18518,"idempotencyKey":"incident-18518","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:56.333454Z","receivedAt":"2026-05-15T20:52:56.355661Z"},{"id":3710,"fincertId":"FINCERT-2026-003710","incidentId":18513,"idempotencyKey":"incident-18513","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:56.239668Z","receivedAt":"2026-05-15T20:52:56.255217Z"},{"id":3709,"fincertId":"FINCERT-2026-003709","incidentId":18498,"idempotencyKey":"incident-18498","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:55.942017Z","receivedAt":"2026-05-15T20:52:55.959636Z"},{"id":3708,"fincertId":"FINCERT-2026-003708","incidentId":18488,"idempotencyKey":"incident-18488","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:55.743653Z","receivedAt":"2026-05-15T20:52:55.757773Z"},{"id":3707,"fincertId":"FINCERT-2026-003707","incidentId":18485,"idempotencyKey":"incident-18485","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:55.693777Z","receivedAt":"2026-05-15T20:52:55.706724Z"},{"id":3706,"fincertId":"FINCERT-2026-003706","incidentId":18484,"idempotencyKey":"incident-18484","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:55.667722Z","receivedAt":"2026-05-15T20:52:55.685939Z"},{"id":3705,"fincertId":"FINCERT-2026-003705","incidentId":18481,"idempotencyKey":"incident-18481","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:55.585957Z","receivedAt":"2026-05-15T20:52:55.600505Z"},{"id":3704,"fincertId":"FINCERT-2026-003704","incidentId":18474,"idempotencyKey":"incident-18474","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:55.457833Z","receivedAt":"2026-05-15T20:52:55.482739Z"},{"id":3703,"fincertId":"FINCERT-2026-003703","incidentId":18472,"idempotencyKey":"incident-18472","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:55.420917Z","receivedAt":"2026-05-15T20:52:55.435511Z"},{"id":3702,"fincertId":"FINCERT-2026-003702","incidentId":18470,"idempotencyKey":"incident-18470","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:55.387745Z","receivedAt":"2026-05-15T20:52:55.398401Z"},{"id":3701,"fincertId":"FINCERT-2026-003701","incidentId":18467,"idempotencyKey":"incident-18467","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:55.320639Z","receivedAt":"2026-05-15T20:52:55.343215Z"},{"id":3700,"fincertId":"FINCERT-2026-003700","incidentId":18465,"idempotencyKey":"incident-18465","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:55.281410Z","receivedAt":"2026-05-15T20:52:55.294623Z"},{"id":3699,"fincertId":"FINCERT-2026-003699","incidentId":18461,"idempotencyKey":"incident-18461","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:55.208142Z","receivedAt":"2026-05-15T20:52:55.224524Z"},{"id":3698,"fincertId":"FINCERT-2026-003698","incidentId":18457,"idempotencyKey":"incident-18457","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:55.127629Z","receivedAt":"2026-05-15T20:52:55.153988Z"},{"id":3697,"fincertId":"FINCERT-2026-003697","incidentId":18448,"idempotencyKey":"incident-18448","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.957973Z","receivedAt":"2026-05-15T20:52:54.980336Z"},{"id":3696,"fincertId":"FINCERT-2026-003696","incidentId":18446,"idempotencyKey":"incident-18446","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:54.914423Z","receivedAt":"2026-05-15T20:52:54.927432Z"},{"id":3695,"fincertId":"FINCERT-2026-003695","incidentId":18442,"idempotencyKey":"incident-18442","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.817505Z","receivedAt":"2026-05-15T20:52:54.847905Z"},{"id":3694,"fincertId":"FINCERT-2026-003694","incidentId":18439,"idempotencyKey":"incident-18439","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.755613Z","receivedAt":"2026-05-15T20:52:54.770153Z"},{"id":3693,"fincertId":"FINCERT-2026-003693","incidentId":18438,"idempotencyKey":"incident-18438","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:54.734899Z","receivedAt":"2026-05-15T20:52:54.748674Z"},{"id":3692,"fincertId":"FINCERT-2026-003692","incidentId":18437,"idempotencyKey":"incident-18437","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.700961Z","receivedAt":"2026-05-15T20:52:54.724957Z"},{"id":3691,"fincertId":"FINCERT-2026-003691","incidentId":18432,"idempotencyKey":"incident-18432","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.524570Z","receivedAt":"2026-05-15T20:52:54.553910Z"},{"id":3690,"fincertId":"FINCERT-2026-003690","incidentId":18429,"idempotencyKey":"incident-18429","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.424915Z","receivedAt":"2026-05-15T20:52:54.439314Z"},{"id":3689,"fincertId":"FINCERT-2026-003689","incidentId":18424,"idempotencyKey":"incident-18424","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:54.323631Z","receivedAt":"2026-05-15T20:52:54.354577Z"},{"id":3688,"fincertId":"FINCERT-2026-003688","incidentId":18418,"idempotencyKey":"incident-18418","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.204378Z","receivedAt":"2026-05-15T20:52:54.218637Z"},{"id":3687,"fincertId":"FINCERT-2026-003687","incidentId":18415,"idempotencyKey":"incident-18415","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.148480Z","receivedAt":"2026-05-15T20:52:54.167749Z"},{"id":3686,"fincertId":"FINCERT-2026-003686","incidentId":18413,"idempotencyKey":"incident-18413","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.084687Z","receivedAt":"2026-05-15T20:52:54.098901Z"},{"id":3685,"fincertId":"FINCERT-2026-003685","incidentId":18412,"idempotencyKey":"incident-18412","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.065060Z","receivedAt":"2026-05-15T20:52:54.078019Z"},{"id":3684,"fincertId":"FINCERT-2026-003684","incidentId":18411,"idempotencyKey":"incident-18411","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:54.046107Z","receivedAt":"2026-05-15T20:52:54.058117Z"},{"id":3683,"fincertId":"FINCERT-2026-003683","incidentId":18405,"idempotencyKey":"incident-18405","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:53.931970Z","receivedAt":"2026-05-15T20:52:53.943830Z"},{"id":3682,"fincertId":"FINCERT-2026-003682","incidentId":18399,"idempotencyKey":"incident-18399","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:53.802591Z","receivedAt":"2026-05-15T20:52:53.824792Z"},{"id":3681,"fincertId":"FINCERT-2026-003681","incidentId":18398,"idempotencyKey":"incident-18398","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:53.782715Z","receivedAt":"2026-05-15T20:52:53.796290Z"},{"id":3680,"fincertId":"FINCERT-2026-003680","incidentId":18396,"idempotencyKey":"incident-18396","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:53.749711Z","receivedAt":"2026-05-15T20:52:53.761705Z"},{"id":3679,"fincertId":"FINCERT-2026-003679","incidentId":18391,"idempotencyKey":"incident-18391","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:53.656594Z","receivedAt":"2026-05-15T20:52:53.670885Z"},{"id":3678,"fincertId":"FINCERT-2026-003678","incidentId":18387,"idempotencyKey":"incident-18387","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:53.582542Z","receivedAt":"2026-05-15T20:52:53.594791Z"},{"id":3677,"fincertId":"FINCERT-2026-003677","incidentId":18381,"idempotencyKey":"incident-18381","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:53.483513Z","receivedAt":"2026-05-15T20:52:53.506219Z"},{"id":3676,"fincertId":"FINCERT-2026-003676","incidentId":18377,"idempotencyKey":"incident-18377","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:53.412280Z","receivedAt":"2026-05-15T20:52:53.424577Z"},{"id":3675,"fincertId":"FINCERT-2026-003675","incidentId":18376,"idempotencyKey":"incident-18376","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:53.393528Z","receivedAt":"2026-05-15T20:52:53.405547Z"},{"id":3674,"fincertId":"FINCERT-2026-003674","incidentId":18375,"idempotencyKey":"incident-18375","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:53.374685Z","receivedAt":"2026-05-15T20:52:53.386966Z"},{"id":3673,"fincertId":"FINCERT-2026-003673","incidentId":18373,"idempotencyKey":"incident-18373","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:53.318399Z","receivedAt":"2026-05-15T20:52:53.345577Z"},{"id":3672,"fincertId":"FINCERT-2026-003672","incidentId":18371,"idempotencyKey":"incident-18371","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:53.282353Z","receivedAt":"2026-05-15T20:52:53.294884Z"},{"id":3671,"fincertId":"FINCERT-2026-003671","incidentId":18369,"idempotencyKey":"incident-18369","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:53.246903Z","receivedAt":"2026-05-15T20:52:53.260602Z"},{"id":3670,"fincertId":"FINCERT-2026-003670","incidentId":18365,"idempotencyKey":"incident-18365","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:53.175166Z","receivedAt":"2026-05-15T20:52:53.191023Z"},{"id":3669,"fincertId":"FINCERT-2026-003669","incidentId":18360,"idempotencyKey":"incident-18360","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:53.068819Z","receivedAt":"2026-05-15T20:52:53.084789Z"},{"id":3668,"fincertId":"FINCERT-2026-003668","incidentId":18354,"idempotencyKey":"incident-18354","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:52.948986Z","receivedAt":"2026-05-15T20:52:52.962638Z"},{"id":3667,"fincertId":"FINCERT-2026-003667","incidentId":18350,"idempotencyKey":"incident-18350","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:52.888027Z","receivedAt":"2026-05-15T20:52:52.900993Z"},{"id":3666,"fincertId":"FINCERT-2026-003666","incidentId":18347,"idempotencyKey":"incident-18347","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:52.785650Z","receivedAt":"2026-05-15T20:52:52.806133Z"},{"id":3665,"fincertId":"FINCERT-2026-003665","incidentId":18334,"idempotencyKey":"incident-18334","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:52.534941Z","receivedAt":"2026-05-15T20:52:52.547194Z"},{"id":3664,"fincertId":"FINCERT-2026-003664","incidentId":18331,"idempotencyKey":"incident-18331","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:52.455679Z","receivedAt":"2026-05-15T20:52:52.482980Z"},{"id":3663,"fincertId":"FINCERT-2026-003663","incidentId":18330,"idempotencyKey":"incident-18330","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:52.430804Z","receivedAt":"2026-05-15T20:52:52.445253Z"},{"id":3662,"fincertId":"FINCERT-2026-003662","incidentId":18328,"idempotencyKey":"incident-18328","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:52.391798Z","receivedAt":"2026-05-15T20:52:52.406686Z"},{"id":3661,"fincertId":"FINCERT-2026-003661","incidentId":18327,"idempotencyKey":"incident-18327","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:52.367046Z","receivedAt":"2026-05-15T20:52:52.384722Z"},{"id":3660,"fincertId":"FINCERT-2026-003660","incidentId":18317,"idempotencyKey":"incident-18317","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:52.141390Z","receivedAt":"2026-05-15T20:52:52.158566Z"},{"id":3659,"fincertId":"FINCERT-2026-003659","incidentId":18316,"idempotencyKey":"incident-18316","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:52.108322Z","receivedAt":"2026-05-15T20:52:52.125248Z"},{"id":3658,"fincertId":"FINCERT-2026-003658","incidentId":18315,"idempotencyKey":"incident-18315","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:52.087502Z","receivedAt":"2026-05-15T20:52:52.101207Z"},{"id":3657,"fincertId":"FINCERT-2026-003657","incidentId":18314,"idempotencyKey":"incident-18314","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:52.066193Z","receivedAt":"2026-05-15T20:52:52.080929Z"},{"id":3656,"fincertId":"FINCERT-2026-003656","incidentId":18313,"idempotencyKey":"incident-18313","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:52.036847Z","receivedAt":"2026-05-15T20:52:52.053942Z"},{"id":3655,"fincertId":"FINCERT-2026-003655","incidentId":18311,"idempotencyKey":"incident-18311","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:51.992087Z","receivedAt":"2026-05-15T20:52:52.010144Z"},{"id":3654,"fincertId":"FINCERT-2026-003654","incidentId":18296,"idempotencyKey":"incident-18296","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:51.707551Z","receivedAt":"2026-05-15T20:52:51.721719Z"},{"id":3653,"fincertId":"FINCERT-2026-003653","incidentId":18291,"idempotencyKey":"incident-18291","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:51.574244Z","receivedAt":"2026-05-15T20:52:51.588510Z"},{"id":3652,"fincertId":"FINCERT-2026-003652","incidentId":18289,"idempotencyKey":"incident-18289","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:51.541389Z","receivedAt":"2026-05-15T20:52:51.554160Z"},{"id":3651,"fincertId":"FINCERT-2026-003651","incidentId":18287,"idempotencyKey":"incident-18287","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:51.505606Z","receivedAt":"2026-05-15T20:52:51.519322Z"},{"id":3650,"fincertId":"FINCERT-2026-003650","incidentId":18286,"idempotencyKey":"incident-18286","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:51.486338Z","receivedAt":"2026-05-15T20:52:51.498469Z"},{"id":3649,"fincertId":"FINCERT-2026-003649","incidentId":18285,"idempotencyKey":"incident-18285","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:51.454501Z","receivedAt":"2026-05-15T20:52:51.469755Z"},{"id":3648,"fincertId":"FINCERT-2026-003648","incidentId":18283,"idempotencyKey":"incident-18283","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:51.420953Z","receivedAt":"2026-05-15T20:52:51.432752Z"},{"id":3647,"fincertId":"FINCERT-2026-003647","incidentId":18281,"idempotencyKey":"incident-18281","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:51.384847Z","receivedAt":"2026-05-15T20:52:51.398412Z"},{"id":3646,"fincertId":"FINCERT-2026-003646","incidentId":18280,"idempotencyKey":"incident-18280","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:51.364228Z","receivedAt":"2026-05-15T20:52:51.377047Z"},{"id":3645,"fincertId":"FINCERT-2026-003645","incidentId":18277,"idempotencyKey":"incident-18277","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:51.283563Z","receivedAt":"2026-05-15T20:52:51.302079Z"},{"id":3644,"fincertId":"FINCERT-2026-003644","incidentId":18264,"idempotencyKey":"incident-18264","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:50.957132Z","receivedAt":"2026-05-15T20:52:50.987001Z"},{"id":3643,"fincertId":"FINCERT-2026-003643","incidentId":18260,"idempotencyKey":"incident-18260","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:50.880027Z","receivedAt":"2026-05-15T20:52:50.897389Z"},{"id":3642,"fincertId":"FINCERT-2026-003642","incidentId":18259,"idempotencyKey":"incident-18259","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:50.855737Z","receivedAt":"2026-05-15T20:52:50.872557Z"},{"id":3641,"fincertId":"FINCERT-2026-003641","incidentId":18257,"idempotencyKey":"incident-18257","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:50.796395Z","receivedAt":"2026-05-15T20:52:50.809697Z"},{"id":3640,"fincertId":"FINCERT-2026-003640","incidentId":18255,"idempotencyKey":"incident-18255","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:50.752209Z","receivedAt":"2026-05-15T20:52:50.764659Z"},{"id":3639,"fincertId":"FINCERT-2026-003639","incidentId":18254,"idempotencyKey":"incident-18254","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:50.730761Z","receivedAt":"2026-05-15T20:52:50.745648Z"},{"id":3638,"fincertId":"FINCERT-2026-003638","incidentId":18253,"idempotencyKey":"incident-18253","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:50.710208Z","receivedAt":"2026-05-15T20:52:50.722728Z"},{"id":3637,"fincertId":"FINCERT-2026-003637","incidentId":18252,"idempotencyKey":"incident-18252","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:50.689143Z","receivedAt":"2026-05-15T20:52:50.702968Z"},{"id":3636,"fincertId":"FINCERT-2026-003636","incidentId":18246,"idempotencyKey":"incident-18246","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:50.509770Z","receivedAt":"2026-05-15T20:52:50.540987Z"},{"id":3635,"fincertId":"FINCERT-2026-003635","incidentId":18240,"idempotencyKey":"incident-18240","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:50.351446Z","receivedAt":"2026-05-15T20:52:50.367795Z"},{"id":3634,"fincertId":"FINCERT-2026-003634","incidentId":18237,"idempotencyKey":"incident-18237","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:50.209439Z","receivedAt":"2026-05-15T20:52:50.240161Z"},{"id":3633,"fincertId":"FINCERT-2026-003633","incidentId":18236,"idempotencyKey":"incident-18236","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:50.186489Z","receivedAt":"2026-05-15T20:52:50.200477Z"},{"id":3632,"fincertId":"FINCERT-2026-003632","incidentId":18234,"idempotencyKey":"incident-18234","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:50.122487Z","receivedAt":"2026-05-15T20:52:50.152298Z"},{"id":3631,"fincertId":"FINCERT-2026-003631","incidentId":18224,"idempotencyKey":"incident-18224","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:49.774217Z","receivedAt":"2026-05-15T20:52:49.791865Z"},{"id":3630,"fincertId":"FINCERT-2026-003630","incidentId":18216,"idempotencyKey":"incident-18216","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:49.561931Z","receivedAt":"2026-05-15T20:52:49.593330Z"},{"id":3629,"fincertId":"FINCERT-2026-003629","incidentId":18214,"idempotencyKey":"incident-18214","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:49.470940Z","receivedAt":"2026-05-15T20:52:49.508492Z"},{"id":3628,"fincertId":"FINCERT-2026-003628","incidentId":18211,"idempotencyKey":"incident-18211","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:49.382795Z","receivedAt":"2026-05-15T20:52:49.409357Z"},{"id":3627,"fincertId":"FINCERT-2026-003627","incidentId":18210,"idempotencyKey":"incident-18210","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:49.347617Z","receivedAt":"2026-05-15T20:52:49.363627Z"},{"id":3626,"fincertId":"FINCERT-2026-003626","incidentId":18209,"idempotencyKey":"incident-18209","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:49.308891Z","receivedAt":"2026-05-15T20:52:49.327863Z"},{"id":3625,"fincertId":"FINCERT-2026-003625","incidentId":18208,"idempotencyKey":"incident-18208","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:49.246744Z","receivedAt":"2026-05-15T20:52:49.274229Z"},{"id":3624,"fincertId":"FINCERT-2026-003624","incidentId":18207,"idempotencyKey":"incident-18207","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:49.155480Z","receivedAt":"2026-05-15T20:52:49.190705Z"},{"id":3623,"fincertId":"FINCERT-2026-003623","incidentId":18205,"idempotencyKey":"incident-18205","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:49.064956Z","receivedAt":"2026-05-15T20:52:49.107043Z"},{"id":3622,"fincertId":"FINCERT-2026-003622","incidentId":18203,"idempotencyKey":"incident-18203","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:48.966058Z","receivedAt":"2026-05-15T20:52:49.000489Z"},{"id":3621,"fincertId":"FINCERT-2026-003621","incidentId":18201,"idempotencyKey":"incident-18201","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:48.877279Z","receivedAt":"2026-05-15T20:52:48.901099Z"},{"id":3620,"fincertId":"FINCERT-2026-003620","incidentId":18197,"idempotencyKey":"incident-18197","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:48.725546Z","receivedAt":"2026-05-15T20:52:48.741971Z"},{"id":3619,"fincertId":"FINCERT-2026-003619","incidentId":18193,"idempotencyKey":"incident-18193","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:48.638324Z","receivedAt":"2026-05-15T20:52:48.663806Z"},{"id":3618,"fincertId":"FINCERT-2026-003618","incidentId":18183,"idempotencyKey":"incident-18183","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:48.431654Z","receivedAt":"2026-05-15T20:52:48.444094Z"},{"id":3617,"fincertId":"FINCERT-2026-003617","incidentId":18180,"idempotencyKey":"incident-18180","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:48.340455Z","receivedAt":"2026-05-15T20:52:48.387824Z"},{"id":3616,"fincertId":"FINCERT-2026-003616","incidentId":18177,"idempotencyKey":"incident-18177","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:48.273534Z","receivedAt":"2026-05-15T20:52:48.287570Z"},{"id":3615,"fincertId":"FINCERT-2026-003615","incidentId":18166,"idempotencyKey":"incident-18166","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:47.993507Z","receivedAt":"2026-05-15T20:52:48.019726Z"},{"id":3614,"fincertId":"FINCERT-2026-003614","incidentId":18165,"idempotencyKey":"incident-18165","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:47.942734Z","receivedAt":"2026-05-15T20:52:47.962480Z"},{"id":3613,"fincertId":"FINCERT-2026-003613","incidentId":18163,"idempotencyKey":"incident-18163","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:47.895138Z","receivedAt":"2026-05-15T20:52:47.915805Z"},{"id":3612,"fincertId":"FINCERT-2026-003612","incidentId":18161,"idempotencyKey":"incident-18161","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:47.837426Z","receivedAt":"2026-05-15T20:52:47.860605Z"},{"id":3611,"fincertId":"FINCERT-2026-003611","incidentId":18160,"idempotencyKey":"incident-18160","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:47.796995Z","receivedAt":"2026-05-15T20:52:47.814001Z"},{"id":3610,"fincertId":"FINCERT-2026-003610","incidentId":18159,"idempotencyKey":"incident-18159","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:47.773379Z","receivedAt":"2026-05-15T20:52:47.788992Z"},{"id":3609,"fincertId":"FINCERT-2026-003609","incidentId":18156,"idempotencyKey":"incident-18156","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:47.709572Z","receivedAt":"2026-05-15T20:52:47.724238Z"},{"id":3608,"fincertId":"FINCERT-2026-003608","incidentId":18154,"idempotencyKey":"incident-18154","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:47.674245Z","receivedAt":"2026-05-15T20:52:47.688071Z"},{"id":3607,"fincertId":"FINCERT-2026-003607","incidentId":18151,"idempotencyKey":"incident-18151","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:47.587098Z","receivedAt":"2026-05-15T20:52:47.608571Z"},{"id":3606,"fincertId":"FINCERT-2026-003606","incidentId":18143,"idempotencyKey":"incident-18143","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:47.391708Z","receivedAt":"2026-05-15T20:52:47.411439Z"},{"id":3605,"fincertId":"FINCERT-2026-003605","incidentId":18138,"idempotencyKey":"incident-18138","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:47.250984Z","receivedAt":"2026-05-15T20:52:47.266419Z"},{"id":3604,"fincertId":"FINCERT-2026-003604","incidentId":18137,"idempotencyKey":"incident-18137","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:47.215630Z","receivedAt":"2026-05-15T20:52:47.235432Z"},{"id":3603,"fincertId":"FINCERT-2026-003603","incidentId":18136,"idempotencyKey":"incident-18136","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:47.191236Z","receivedAt":"2026-05-15T20:52:47.207420Z"},{"id":3602,"fincertId":"FINCERT-2026-003602","incidentId":18131,"idempotencyKey":"incident-18131","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:47.082489Z","receivedAt":"2026-05-15T20:52:47.097944Z"},{"id":3601,"fincertId":"FINCERT-2026-003601","incidentId":18127,"idempotencyKey":"incident-18127","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:46.946938Z","receivedAt":"2026-05-15T20:52:46.965710Z"},{"id":3600,"fincertId":"FINCERT-2026-003600","incidentId":18122,"idempotencyKey":"incident-18122","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:46.846757Z","receivedAt":"2026-05-15T20:52:46.869786Z"},{"id":3599,"fincertId":"FINCERT-2026-003599","incidentId":18120,"idempotencyKey":"incident-18120","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:46.791461Z","receivedAt":"2026-05-15T20:52:46.807907Z"},{"id":3598,"fincertId":"FINCERT-2026-003598","incidentId":18113,"idempotencyKey":"incident-18113","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:46.669573Z","receivedAt":"2026-05-15T20:52:46.681046Z"},{"id":3597,"fincertId":"FINCERT-2026-003597","incidentId":18112,"idempotencyKey":"incident-18112","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:46.651964Z","receivedAt":"2026-05-15T20:52:46.663653Z"},{"id":3596,"fincertId":"FINCERT-2026-003596","incidentId":18111,"idempotencyKey":"incident-18111","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:46.617213Z","receivedAt":"2026-05-15T20:52:46.641117Z"},{"id":3595,"fincertId":"FINCERT-2026-003595","incidentId":18103,"idempotencyKey":"incident-18103","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:46.460592Z","receivedAt":"2026-05-15T20:52:46.482543Z"},{"id":3594,"fincertId":"FINCERT-2026-003594","incidentId":18101,"idempotencyKey":"incident-18101","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:46.414433Z","receivedAt":"2026-05-15T20:52:46.430500Z"},{"id":3593,"fincertId":"FINCERT-2026-003593","incidentId":18096,"idempotencyKey":"incident-18096","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:46.319235Z","receivedAt":"2026-05-15T20:52:46.342450Z"},{"id":3592,"fincertId":"FINCERT-2026-003592","incidentId":18093,"idempotencyKey":"incident-18093","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:46.257812Z","receivedAt":"2026-05-15T20:52:46.270911Z"},{"id":3591,"fincertId":"FINCERT-2026-003591","incidentId":18090,"idempotencyKey":"incident-18090","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:46.198035Z","receivedAt":"2026-05-15T20:52:46.211413Z"},{"id":3590,"fincertId":"FINCERT-2026-003590","incidentId":18087,"idempotencyKey":"incident-18087","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:46.130886Z","receivedAt":"2026-05-15T20:52:46.145870Z"},{"id":3589,"fincertId":"FINCERT-2026-003589","incidentId":18083,"idempotencyKey":"incident-18083","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:46.051834Z","receivedAt":"2026-05-15T20:52:46.069335Z"},{"id":3588,"fincertId":"FINCERT-2026-003588","incidentId":18075,"idempotencyKey":"incident-18075","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:45.813471Z","receivedAt":"2026-05-15T20:52:45.906888Z"},{"id":3587,"fincertId":"FINCERT-2026-003587","incidentId":18073,"idempotencyKey":"incident-18073","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:45.745838Z","receivedAt":"2026-05-15T20:52:45.778746Z"},{"id":3586,"fincertId":"FINCERT-2026-003586","incidentId":18071,"idempotencyKey":"incident-18071","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:45.688060Z","receivedAt":"2026-05-15T20:52:45.706440Z"},{"id":3585,"fincertId":"FINCERT-2026-003585","incidentId":18066,"idempotencyKey":"incident-18066","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:45.495166Z","receivedAt":"2026-05-15T20:52:45.523103Z"},{"id":3584,"fincertId":"FINCERT-2026-003584","incidentId":18064,"idempotencyKey":"incident-18064","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:45.425336Z","receivedAt":"2026-05-15T20:52:45.439066Z"},{"id":3583,"fincertId":"FINCERT-2026-003583","incidentId":18061,"idempotencyKey":"incident-18061","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:45.369695Z","receivedAt":"2026-05-15T20:52:45.382830Z"},{"id":3582,"fincertId":"FINCERT-2026-003582","incidentId":18059,"idempotencyKey":"incident-18059","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:45.308302Z","receivedAt":"2026-05-15T20:52:45.330006Z"},{"id":3581,"fincertId":"FINCERT-2026-003581","incidentId":18057,"idempotencyKey":"incident-18057","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:45.273311Z","receivedAt":"2026-05-15T20:52:45.287089Z"},{"id":3580,"fincertId":"FINCERT-2026-003580","incidentId":18052,"idempotencyKey":"incident-18052","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:45.177779Z","receivedAt":"2026-05-15T20:52:45.192753Z"},{"id":3579,"fincertId":"FINCERT-2026-003579","incidentId":18045,"idempotencyKey":"incident-18045","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:45.024001Z","receivedAt":"2026-05-15T20:52:45.035964Z"},{"id":3578,"fincertId":"FINCERT-2026-003578","incidentId":18044,"idempotencyKey":"incident-18044","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:44.998361Z","receivedAt":"2026-05-15T20:52:45.010761Z"},{"id":3577,"fincertId":"FINCERT-2026-003577","incidentId":18038,"idempotencyKey":"incident-18038","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:44.898001Z","receivedAt":"2026-05-15T20:52:44.910458Z"},{"id":3576,"fincertId":"FINCERT-2026-003576","incidentId":18033,"idempotencyKey":"incident-18033","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:44.711198Z","receivedAt":"2026-05-15T20:52:44.731076Z"},{"id":3575,"fincertId":"FINCERT-2026-003575","incidentId":18031,"idempotencyKey":"incident-18031","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:44.611505Z","receivedAt":"2026-05-15T20:52:44.649450Z"},{"id":3574,"fincertId":"FINCERT-2026-003574","incidentId":18030,"idempotencyKey":"incident-18030","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:44.580115Z","receivedAt":"2026-05-15T20:52:44.595858Z"},{"id":3573,"fincertId":"FINCERT-2026-003573","incidentId":18025,"idempotencyKey":"incident-18025","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:44.473937Z","receivedAt":"2026-05-15T20:52:44.509937Z"},{"id":3572,"fincertId":"FINCERT-2026-003572","incidentId":18023,"idempotencyKey":"incident-18023","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:44.404858Z","receivedAt":"2026-05-15T20:52:44.429682Z"},{"id":3571,"fincertId":"FINCERT-2026-003571","incidentId":18016,"idempotencyKey":"incident-18016","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:44.280323Z","receivedAt":"2026-05-15T20:52:44.292393Z"},{"id":3570,"fincertId":"FINCERT-2026-003570","incidentId":18014,"idempotencyKey":"incident-18014","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:44.237040Z","receivedAt":"2026-05-15T20:52:44.252289Z"},{"id":3569,"fincertId":"FINCERT-2026-003569","incidentId":18013,"idempotencyKey":"incident-18013","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:44.208923Z","receivedAt":"2026-05-15T20:52:44.221388Z"},{"id":3568,"fincertId":"FINCERT-2026-003568","incidentId":18010,"idempotencyKey":"incident-18010","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:44.140217Z","receivedAt":"2026-05-15T20:52:44.162379Z"},{"id":3567,"fincertId":"FINCERT-2026-003567","incidentId":17994,"idempotencyKey":"incident-17994","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:43.826090Z","receivedAt":"2026-05-15T20:52:43.856090Z"},{"id":3566,"fincertId":"FINCERT-2026-003566","incidentId":17992,"idempotencyKey":"incident-17992","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:43.780975Z","receivedAt":"2026-05-15T20:52:43.794369Z"},{"id":3565,"fincertId":"FINCERT-2026-003565","incidentId":17990,"idempotencyKey":"incident-17990","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:43.737559Z","receivedAt":"2026-05-15T20:52:43.751635Z"},{"id":3564,"fincertId":"FINCERT-2026-003564","incidentId":17989,"idempotencyKey":"incident-17989","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:43.704255Z","receivedAt":"2026-05-15T20:52:43.722023Z"},{"id":3563,"fincertId":"FINCERT-2026-003563","incidentId":17986,"idempotencyKey":"incident-17986","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:43.645946Z","receivedAt":"2026-05-15T20:52:43.666826Z"},{"id":3562,"fincertId":"FINCERT-2026-003562","incidentId":17984,"idempotencyKey":"incident-17984","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:43.590295Z","receivedAt":"2026-05-15T20:52:43.603104Z"},{"id":3561,"fincertId":"FINCERT-2026-003561","incidentId":17983,"idempotencyKey":"incident-17983","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:43.568555Z","receivedAt":"2026-05-15T20:52:43.583343Z"},{"id":3560,"fincertId":"FINCERT-2026-003560","incidentId":17981,"idempotencyKey":"incident-17981","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:43.528545Z","receivedAt":"2026-05-15T20:52:43.543922Z"},{"id":3559,"fincertId":"FINCERT-2026-003559","incidentId":17978,"idempotencyKey":"incident-17978","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:43.455945Z","receivedAt":"2026-05-15T20:52:43.473893Z"},{"id":3558,"fincertId":"FINCERT-2026-003558","incidentId":17977,"idempotencyKey":"incident-17977","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:43.433338Z","receivedAt":"2026-05-15T20:52:43.449410Z"},{"id":3557,"fincertId":"FINCERT-2026-003557","incidentId":17975,"idempotencyKey":"incident-17975","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:43.378167Z","receivedAt":"2026-05-15T20:52:43.394966Z"},{"id":3556,"fincertId":"FINCERT-2026-003556","incidentId":17970,"idempotencyKey":"incident-17970","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:43.265408Z","receivedAt":"2026-05-15T20:52:43.280366Z"},{"id":3555,"fincertId":"FINCERT-2026-003555","incidentId":17969,"idempotencyKey":"incident-17969","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:43.230561Z","receivedAt":"2026-05-15T20:52:43.249472Z"},{"id":3554,"fincertId":"FINCERT-2026-003554","incidentId":17967,"idempotencyKey":"incident-17967","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:43.189997Z","receivedAt":"2026-05-15T20:52:43.203821Z"},{"id":3553,"fincertId":"FINCERT-2026-003553","incidentId":17964,"idempotencyKey":"incident-17964","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:43.097346Z","receivedAt":"2026-05-15T20:52:43.119121Z"},{"id":3552,"fincertId":"FINCERT-2026-003552","incidentId":17954,"idempotencyKey":"incident-17954","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:42.905851Z","receivedAt":"2026-05-15T20:52:42.919076Z"},{"id":3551,"fincertId":"FINCERT-2026-003551","incidentId":17949,"idempotencyKey":"incident-17949","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:42.802116Z","receivedAt":"2026-05-15T20:52:42.832449Z"},{"id":3550,"fincertId":"FINCERT-2026-003550","incidentId":17946,"idempotencyKey":"incident-17946","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:42.744031Z","receivedAt":"2026-05-15T20:52:42.757443Z"},{"id":3549,"fincertId":"FINCERT-2026-003549","incidentId":17945,"idempotencyKey":"incident-17945","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:42.724432Z","receivedAt":"2026-05-15T20:52:42.736858Z"},{"id":3548,"fincertId":"FINCERT-2026-003548","incidentId":17943,"idempotencyKey":"incident-17943","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:42.680104Z","receivedAt":"2026-05-15T20:52:42.693928Z"},{"id":3547,"fincertId":"FINCERT-2026-003547","incidentId":17938,"idempotencyKey":"incident-17938","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:42.589076Z","receivedAt":"2026-05-15T20:52:42.600463Z"},{"id":3546,"fincertId":"FINCERT-2026-003546","incidentId":17936,"idempotencyKey":"incident-17936","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:42.544770Z","receivedAt":"2026-05-15T20:52:42.556743Z"},{"id":3545,"fincertId":"FINCERT-2026-003545","incidentId":17932,"idempotencyKey":"incident-17932","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:42.482814Z","receivedAt":"2026-05-15T20:52:42.495809Z"},{"id":3544,"fincertId":"FINCERT-2026-003544","incidentId":17928,"idempotencyKey":"incident-17928","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:42.402774Z","receivedAt":"2026-05-15T20:52:42.415236Z"},{"id":3543,"fincertId":"FINCERT-2026-003543","incidentId":17919,"idempotencyKey":"incident-17919","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:42.190286Z","receivedAt":"2026-05-15T20:52:42.206581Z"},{"id":3542,"fincertId":"FINCERT-2026-003542","incidentId":17917,"idempotencyKey":"incident-17917","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:42.129247Z","receivedAt":"2026-05-15T20:52:42.148242Z"},{"id":3541,"fincertId":"FINCERT-2026-003541","incidentId":17912,"idempotencyKey":"incident-17912","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:42.017609Z","receivedAt":"2026-05-15T20:52:42.033811Z"},{"id":3540,"fincertId":"FINCERT-2026-003540","incidentId":17905,"idempotencyKey":"incident-17905","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:41.879210Z","receivedAt":"2026-05-15T20:52:41.894035Z"},{"id":3539,"fincertId":"FINCERT-2026-003539","incidentId":17904,"idempotencyKey":"incident-17904","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:41.859598Z","receivedAt":"2026-05-15T20:52:41.873152Z"},{"id":3538,"fincertId":"FINCERT-2026-003538","incidentId":17901,"idempotencyKey":"incident-17901","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:41.785822Z","receivedAt":"2026-05-15T20:52:41.799597Z"},{"id":3537,"fincertId":"FINCERT-2026-003537","incidentId":17896,"idempotencyKey":"incident-17896","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:41.681408Z","receivedAt":"2026-05-15T20:52:41.697534Z"},{"id":3536,"fincertId":"FINCERT-2026-003536","incidentId":17894,"idempotencyKey":"incident-17894","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:41.624883Z","receivedAt":"2026-05-15T20:52:41.645642Z"},{"id":3535,"fincertId":"FINCERT-2026-003535","incidentId":17891,"idempotencyKey":"incident-17891","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:41.555941Z","receivedAt":"2026-05-15T20:52:41.570637Z"},{"id":3534,"fincertId":"FINCERT-2026-003534","incidentId":17889,"idempotencyKey":"incident-17889","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:41.511432Z","receivedAt":"2026-05-15T20:52:41.526731Z"},{"id":3533,"fincertId":"FINCERT-2026-003533","incidentId":17888,"idempotencyKey":"incident-17888","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:41.469822Z","receivedAt":"2026-05-15T20:52:41.498895Z"},{"id":3532,"fincertId":"FINCERT-2026-003532","incidentId":17886,"idempotencyKey":"incident-17886","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:41.424388Z","receivedAt":"2026-05-15T20:52:41.437461Z"},{"id":3531,"fincertId":"FINCERT-2026-003531","incidentId":17883,"idempotencyKey":"incident-17883","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:41.369546Z","receivedAt":"2026-05-15T20:52:41.384897Z"},{"id":3530,"fincertId":"FINCERT-2026-003530","incidentId":17877,"idempotencyKey":"incident-17877","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:41.252792Z","receivedAt":"2026-05-15T20:52:41.266371Z"},{"id":3529,"fincertId":"FINCERT-2026-003529","incidentId":17876,"idempotencyKey":"incident-17876","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:41.231503Z","receivedAt":"2026-05-15T20:52:41.244707Z"},{"id":3528,"fincertId":"FINCERT-2026-003528","incidentId":17874,"idempotencyKey":"incident-17874","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:41.187752Z","receivedAt":"2026-05-15T20:52:41.206830Z"},{"id":3527,"fincertId":"FINCERT-2026-003527","incidentId":17872,"idempotencyKey":"incident-17872","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:41.112381Z","receivedAt":"2026-05-15T20:52:41.136775Z"},{"id":3526,"fincertId":"FINCERT-2026-003526","incidentId":17866,"idempotencyKey":"incident-17866","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:40.930049Z","receivedAt":"2026-05-15T20:52:40.943642Z"},{"id":3525,"fincertId":"FINCERT-2026-003525","incidentId":17865,"idempotencyKey":"incident-17865","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:40.904058Z","receivedAt":"2026-05-15T20:52:40.921585Z"},{"id":3524,"fincertId":"FINCERT-2026-003524","incidentId":17863,"idempotencyKey":"incident-17863","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:40.835022Z","receivedAt":"2026-05-15T20:52:40.860188Z"},{"id":3523,"fincertId":"FINCERT-2026-003523","incidentId":17862,"idempotencyKey":"incident-17862","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:40.801941Z","receivedAt":"2026-05-15T20:52:40.823007Z"},{"id":3522,"fincertId":"FINCERT-2026-003522","incidentId":17860,"idempotencyKey":"incident-17860","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:40.741542Z","receivedAt":"2026-05-15T20:52:40.754742Z"},{"id":3521,"fincertId":"FINCERT-2026-003521","incidentId":17859,"idempotencyKey":"incident-17859","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:40.722276Z","receivedAt":"2026-05-15T20:52:40.734771Z"},{"id":3520,"fincertId":"FINCERT-2026-003520","incidentId":17858,"idempotencyKey":"incident-17858","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:40.699032Z","receivedAt":"2026-05-15T20:52:40.715541Z"},{"id":3519,"fincertId":"FINCERT-2026-003519","incidentId":17855,"idempotencyKey":"incident-17855","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:40.596442Z","receivedAt":"2026-05-15T20:52:40.638161Z"},{"id":3518,"fincertId":"FINCERT-2026-003518","incidentId":17852,"idempotencyKey":"incident-17852","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:40.523283Z","receivedAt":"2026-05-15T20:52:40.538710Z"},{"id":3517,"fincertId":"FINCERT-2026-003517","incidentId":17845,"idempotencyKey":"incident-17845","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:40.406789Z","receivedAt":"2026-05-15T20:52:40.419357Z"},{"id":3516,"fincertId":"FINCERT-2026-003516","incidentId":17841,"idempotencyKey":"incident-17841","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:40.310508Z","receivedAt":"2026-05-15T20:52:40.333335Z"},{"id":3515,"fincertId":"FINCERT-2026-003515","incidentId":17839,"idempotencyKey":"incident-17839","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:40.263817Z","receivedAt":"2026-05-15T20:52:40.278106Z"},{"id":3514,"fincertId":"FINCERT-2026-003514","incidentId":17830,"idempotencyKey":"incident-17830","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:40.046063Z","receivedAt":"2026-05-15T20:52:40.065346Z"},{"id":3513,"fincertId":"FINCERT-2026-003513","incidentId":17829,"idempotencyKey":"incident-17829","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:40.003590Z","receivedAt":"2026-05-15T20:52:40.023093Z"},{"id":3512,"fincertId":"FINCERT-2026-003512","incidentId":17825,"idempotencyKey":"incident-17825","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:39.854149Z","receivedAt":"2026-05-15T20:52:39.891548Z"},{"id":3511,"fincertId":"FINCERT-2026-003511","incidentId":17822,"idempotencyKey":"incident-17822","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:39.754645Z","receivedAt":"2026-05-15T20:52:39.780770Z"},{"id":3510,"fincertId":"FINCERT-2026-003510","incidentId":17820,"idempotencyKey":"incident-17820","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:39.714440Z","receivedAt":"2026-05-15T20:52:39.729451Z"},{"id":3509,"fincertId":"FINCERT-2026-003509","incidentId":17810,"idempotencyKey":"incident-17810","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:39.501393Z","receivedAt":"2026-05-15T20:52:39.520468Z"},{"id":3508,"fincertId":"FINCERT-2026-003508","incidentId":17807,"idempotencyKey":"incident-17807","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:39.428982Z","receivedAt":"2026-05-15T20:52:39.443551Z"},{"id":3507,"fincertId":"FINCERT-2026-003507","incidentId":17806,"idempotencyKey":"incident-17806","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:39.404002Z","receivedAt":"2026-05-15T20:52:39.421014Z"},{"id":3506,"fincertId":"FINCERT-2026-003506","incidentId":17803,"idempotencyKey":"incident-17803","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:39.327409Z","receivedAt":"2026-05-15T20:52:39.352435Z"},{"id":3505,"fincertId":"FINCERT-2026-003505","incidentId":17801,"idempotencyKey":"incident-17801","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:39.274635Z","receivedAt":"2026-05-15T20:52:39.290865Z"},{"id":3504,"fincertId":"FINCERT-2026-003504","incidentId":17800,"idempotencyKey":"incident-17800","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:39.251985Z","receivedAt":"2026-05-15T20:52:39.267059Z"},{"id":3503,"fincertId":"FINCERT-2026-003503","incidentId":17797,"idempotencyKey":"incident-17797","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:39.168360Z","receivedAt":"2026-05-15T20:52:39.183901Z"},{"id":3502,"fincertId":"FINCERT-2026-003502","incidentId":17794,"idempotencyKey":"incident-17794","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:39.059367Z","receivedAt":"2026-05-15T20:52:39.084508Z"},{"id":3501,"fincertId":"FINCERT-2026-003501","incidentId":17793,"idempotencyKey":"incident-17793","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:38.987793Z","receivedAt":"2026-05-15T20:52:39.007422Z"},{"id":3500,"fincertId":"FINCERT-2026-003500","incidentId":17790,"idempotencyKey":"incident-17790","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:38.906032Z","receivedAt":"2026-05-15T20:52:38.918227Z"},{"id":3499,"fincertId":"FINCERT-2026-003499","incidentId":17783,"idempotencyKey":"incident-17783","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:38.774374Z","receivedAt":"2026-05-15T20:52:38.789112Z"},{"id":3498,"fincertId":"FINCERT-2026-003498","incidentId":17778,"idempotencyKey":"incident-17778","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:38.656451Z","receivedAt":"2026-05-15T20:52:38.677671Z"},{"id":3497,"fincertId":"FINCERT-2026-003497","incidentId":17771,"idempotencyKey":"incident-17771","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:38.360246Z","receivedAt":"2026-05-15T20:52:38.399203Z"},{"id":3496,"fincertId":"FINCERT-2026-003496","incidentId":17765,"idempotencyKey":"incident-17765","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:38.035710Z","receivedAt":"2026-05-15T20:52:38.070255Z"},{"id":3495,"fincertId":"FINCERT-2026-003495","incidentId":17764,"idempotencyKey":"incident-17764","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:37.950970Z","receivedAt":"2026-05-15T20:52:37.981048Z"},{"id":3494,"fincertId":"FINCERT-2026-003494","incidentId":17755,"idempotencyKey":"incident-17755","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:37.778712Z","receivedAt":"2026-05-15T20:52:37.791604Z"},{"id":3493,"fincertId":"FINCERT-2026-003493","incidentId":17751,"idempotencyKey":"incident-17751","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:37.718340Z","receivedAt":"2026-05-15T20:52:37.731363Z"},{"id":3492,"fincertId":"FINCERT-2026-003492","incidentId":17746,"idempotencyKey":"incident-17746","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:37.635799Z","receivedAt":"2026-05-15T20:52:37.649690Z"},{"id":3491,"fincertId":"FINCERT-2026-003491","incidentId":17745,"idempotencyKey":"incident-17745","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:37.608303Z","receivedAt":"2026-05-15T20:52:37.624604Z"},{"id":3490,"fincertId":"FINCERT-2026-003490","incidentId":17743,"idempotencyKey":"incident-17743","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:37.573432Z","receivedAt":"2026-05-15T20:52:37.587575Z"},{"id":3489,"fincertId":"FINCERT-2026-003489","incidentId":17741,"idempotencyKey":"incident-17741","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:37.519746Z","receivedAt":"2026-05-15T20:52:37.547414Z"},{"id":3488,"fincertId":"FINCERT-2026-003488","incidentId":17739,"idempotencyKey":"incident-17739","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:37.434352Z","receivedAt":"2026-05-15T20:52:37.455530Z"},{"id":3487,"fincertId":"FINCERT-2026-003487","incidentId":17737,"idempotencyKey":"incident-17737","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:37.384556Z","receivedAt":"2026-05-15T20:52:37.400256Z"},{"id":3486,"fincertId":"FINCERT-2026-003486","incidentId":17731,"idempotencyKey":"incident-17731","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:37.267764Z","receivedAt":"2026-05-15T20:52:37.285212Z"},{"id":3485,"fincertId":"FINCERT-2026-003485","incidentId":17729,"idempotencyKey":"incident-17729","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:37.227024Z","receivedAt":"2026-05-15T20:52:37.243947Z"},{"id":3484,"fincertId":"FINCERT-2026-003484","incidentId":17728,"idempotencyKey":"incident-17728","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:37.201944Z","receivedAt":"2026-05-15T20:52:37.219379Z"},{"id":3483,"fincertId":"FINCERT-2026-003483","incidentId":17724,"idempotencyKey":"incident-17724","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:37.112124Z","receivedAt":"2026-05-15T20:52:37.132838Z"},{"id":3482,"fincertId":"FINCERT-2026-003482","incidentId":17715,"idempotencyKey":"incident-17715","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:36.906518Z","receivedAt":"2026-05-15T20:52:36.920924Z"},{"id":3481,"fincertId":"FINCERT-2026-003481","incidentId":17714,"idempotencyKey":"incident-17714","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:36.885513Z","receivedAt":"2026-05-15T20:52:36.898714Z"},{"id":3480,"fincertId":"FINCERT-2026-003480","incidentId":17713,"idempotencyKey":"incident-17713","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:36.833504Z","receivedAt":"2026-05-15T20:52:36.872795Z"},{"id":3479,"fincertId":"FINCERT-2026-003479","incidentId":17711,"idempotencyKey":"incident-17711","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:36.781791Z","receivedAt":"2026-05-15T20:52:36.794898Z"},{"id":3478,"fincertId":"FINCERT-2026-003478","incidentId":17710,"idempotencyKey":"incident-17710","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:36.751808Z","receivedAt":"2026-05-15T20:52:36.766530Z"},{"id":3477,"fincertId":"FINCERT-2026-003477","incidentId":17705,"idempotencyKey":"incident-17705","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:36.651024Z","receivedAt":"2026-05-15T20:52:36.673646Z"},{"id":3476,"fincertId":"FINCERT-2026-003476","incidentId":17702,"idempotencyKey":"incident-17702","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:36.584699Z","receivedAt":"2026-05-15T20:52:36.598055Z"},{"id":3475,"fincertId":"FINCERT-2026-003475","incidentId":17701,"idempotencyKey":"incident-17701","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:36.555462Z","receivedAt":"2026-05-15T20:52:36.575117Z"},{"id":3474,"fincertId":"FINCERT-2026-003474","incidentId":17697,"idempotencyKey":"incident-17697","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:36.451517Z","receivedAt":"2026-05-15T20:52:36.483537Z"},{"id":3473,"fincertId":"FINCERT-2026-003473","incidentId":17689,"idempotencyKey":"incident-17689","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:36.298025Z","receivedAt":"2026-05-15T20:52:36.319802Z"},{"id":3472,"fincertId":"FINCERT-2026-003472","incidentId":17688,"idempotencyKey":"incident-17688","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:36.280006Z","receivedAt":"2026-05-15T20:52:36.291147Z"},{"id":3471,"fincertId":"FINCERT-2026-003471","incidentId":17681,"idempotencyKey":"incident-17681","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:36.149744Z","receivedAt":"2026-05-15T20:52:36.162931Z"},{"id":3470,"fincertId":"FINCERT-2026-003470","incidentId":17679,"idempotencyKey":"incident-17679","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:36.099283Z","receivedAt":"2026-05-15T20:52:36.118019Z"},{"id":3469,"fincertId":"FINCERT-2026-003469","incidentId":17677,"idempotencyKey":"incident-17677","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:36.063407Z","receivedAt":"2026-05-15T20:52:36.076587Z"},{"id":3468,"fincertId":"FINCERT-2026-003468","incidentId":17666,"idempotencyKey":"incident-17666","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:35.874406Z","receivedAt":"2026-05-15T20:52:35.885797Z"},{"id":3467,"fincertId":"FINCERT-2026-003467","incidentId":17664,"idempotencyKey":"incident-17664","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:35.842793Z","receivedAt":"2026-05-15T20:52:35.857104Z"},{"id":3466,"fincertId":"FINCERT-2026-003466","incidentId":17663,"idempotencyKey":"incident-17663","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:35.807442Z","receivedAt":"2026-05-15T20:52:35.833392Z"},{"id":3465,"fincertId":"FINCERT-2026-003465","incidentId":17659,"idempotencyKey":"incident-17659","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:35.744979Z","receivedAt":"2026-05-15T20:52:35.757129Z"},{"id":3464,"fincertId":"FINCERT-2026-003464","incidentId":17649,"idempotencyKey":"incident-17649","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:35.580598Z","receivedAt":"2026-05-15T20:52:35.592638Z"},{"id":3463,"fincertId":"FINCERT-2026-003463","incidentId":17646,"idempotencyKey":"incident-17646","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:35.526136Z","receivedAt":"2026-05-15T20:52:35.537586Z"},{"id":3462,"fincertId":"FINCERT-2026-003462","incidentId":17642,"idempotencyKey":"incident-17642","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:35.409957Z","receivedAt":"2026-05-15T20:52:35.423276Z"},{"id":3461,"fincertId":"FINCERT-2026-003461","incidentId":17640,"idempotencyKey":"incident-17640","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:35.371814Z","receivedAt":"2026-05-15T20:52:35.385408Z"},{"id":3460,"fincertId":"FINCERT-2026-003460","incidentId":17635,"idempotencyKey":"incident-17635","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:35.269688Z","receivedAt":"2026-05-15T20:52:35.291683Z"},{"id":3459,"fincertId":"FINCERT-2026-003459","incidentId":17626,"idempotencyKey":"incident-17626","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:34.884388Z","receivedAt":"2026-05-15T20:52:34.916383Z"},{"id":3458,"fincertId":"FINCERT-2026-003458","incidentId":17625,"idempotencyKey":"incident-17625","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:34.842120Z","receivedAt":"2026-05-15T20:52:34.862859Z"},{"id":3457,"fincertId":"FINCERT-2026-003457","incidentId":17619,"idempotencyKey":"incident-17619","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:34.661126Z","receivedAt":"2026-05-15T20:52:34.677407Z"},{"id":3456,"fincertId":"FINCERT-2026-003456","incidentId":17616,"idempotencyKey":"incident-17616","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:34.592687Z","receivedAt":"2026-05-15T20:52:34.609824Z"},{"id":3455,"fincertId":"FINCERT-2026-003455","incidentId":17613,"idempotencyKey":"incident-17613","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:34.513399Z","receivedAt":"2026-05-15T20:52:34.532499Z"},{"id":3454,"fincertId":"FINCERT-2026-003454","incidentId":17611,"idempotencyKey":"incident-17611","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:34.442556Z","receivedAt":"2026-05-15T20:52:34.457884Z"},{"id":3453,"fincertId":"FINCERT-2026-003453","incidentId":17603,"idempotencyKey":"incident-17603","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:34.225053Z","receivedAt":"2026-05-15T20:52:34.249161Z"},{"id":3452,"fincertId":"FINCERT-2026-003452","incidentId":17600,"idempotencyKey":"incident-17600","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:34.175055Z","receivedAt":"2026-05-15T20:52:34.187368Z"},{"id":3451,"fincertId":"FINCERT-2026-003451","incidentId":17598,"idempotencyKey":"incident-17598","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:34.135860Z","receivedAt":"2026-05-15T20:52:34.151557Z"},{"id":3450,"fincertId":"FINCERT-2026-003450","incidentId":17596,"idempotencyKey":"incident-17596","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:34.087688Z","receivedAt":"2026-05-15T20:52:34.104654Z"},{"id":3449,"fincertId":"FINCERT-2026-003449","incidentId":17591,"idempotencyKey":"incident-17591","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:33.980728Z","receivedAt":"2026-05-15T20:52:33.998966Z"},{"id":3448,"fincertId":"FINCERT-2026-003448","incidentId":17590,"idempotencyKey":"incident-17590","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:33.950639Z","receivedAt":"2026-05-15T20:52:33.969910Z"},{"id":3447,"fincertId":"FINCERT-2026-003447","incidentId":17589,"idempotencyKey":"incident-17589","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:33.931964Z","receivedAt":"2026-05-15T20:52:33.943726Z"},{"id":3446,"fincertId":"FINCERT-2026-003446","incidentId":17574,"idempotencyKey":"incident-17574","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:33.593939Z","receivedAt":"2026-05-15T20:52:33.612468Z"},{"id":3445,"fincertId":"FINCERT-2026-003445","incidentId":17570,"idempotencyKey":"incident-17570","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:33.518441Z","receivedAt":"2026-05-15T20:52:33.530787Z"},{"id":3444,"fincertId":"FINCERT-2026-003444","incidentId":17568,"idempotencyKey":"incident-17568","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:33.471475Z","receivedAt":"2026-05-15T20:52:33.495457Z"},{"id":3443,"fincertId":"FINCERT-2026-003443","incidentId":17563,"idempotencyKey":"incident-17563","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:33.379531Z","receivedAt":"2026-05-15T20:52:33.392792Z"},{"id":3442,"fincertId":"FINCERT-2026-003442","incidentId":17559,"idempotencyKey":"incident-17559","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:33.289515Z","receivedAt":"2026-05-15T20:52:33.301863Z"},{"id":3441,"fincertId":"FINCERT-2026-003441","incidentId":17556,"idempotencyKey":"incident-17556","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:33.232211Z","receivedAt":"2026-05-15T20:52:33.251006Z"},{"id":3440,"fincertId":"FINCERT-2026-003440","incidentId":17554,"idempotencyKey":"incident-17554","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:33.191681Z","receivedAt":"2026-05-15T20:52:33.205630Z"},{"id":3439,"fincertId":"FINCERT-2026-003439","incidentId":17551,"idempotencyKey":"incident-17551","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:33.127153Z","receivedAt":"2026-05-15T20:52:33.146131Z"},{"id":3438,"fincertId":"FINCERT-2026-003438","incidentId":17547,"idempotencyKey":"incident-17547","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:33.047714Z","receivedAt":"2026-05-15T20:52:33.061692Z"},{"id":3437,"fincertId":"FINCERT-2026-003437","incidentId":17541,"idempotencyKey":"incident-17541","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:32.907998Z","receivedAt":"2026-05-15T20:52:32.920340Z"},{"id":3436,"fincertId":"FINCERT-2026-003436","incidentId":17537,"idempotencyKey":"incident-17537","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:32.810580Z","receivedAt":"2026-05-15T20:52:32.832950Z"},{"id":3435,"fincertId":"FINCERT-2026-003435","incidentId":17533,"idempotencyKey":"incident-17533","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:32.742776Z","receivedAt":"2026-05-15T20:52:32.756575Z"},{"id":3434,"fincertId":"FINCERT-2026-003434","incidentId":17532,"idempotencyKey":"incident-17532","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:32.716448Z","receivedAt":"2026-05-15T20:52:32.728823Z"},{"id":3433,"fincertId":"FINCERT-2026-003433","incidentId":17531,"idempotencyKey":"incident-17531","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:32.684768Z","receivedAt":"2026-05-15T20:52:32.699355Z"},{"id":3432,"fincertId":"FINCERT-2026-003432","incidentId":17529,"idempotencyKey":"incident-17529","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:32.644102Z","receivedAt":"2026-05-15T20:52:32.656099Z"},{"id":3431,"fincertId":"FINCERT-2026-003431","incidentId":17527,"idempotencyKey":"incident-17527","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:32.598817Z","receivedAt":"2026-05-15T20:52:32.614025Z"},{"id":3430,"fincertId":"FINCERT-2026-003430","incidentId":17525,"idempotencyKey":"incident-17525","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:32.557436Z","receivedAt":"2026-05-15T20:52:32.573819Z"},{"id":3429,"fincertId":"FINCERT-2026-003429","incidentId":17523,"idempotencyKey":"incident-17523","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:32.511814Z","receivedAt":"2026-05-15T20:52:32.527547Z"},{"id":3428,"fincertId":"FINCERT-2026-003428","incidentId":17520,"idempotencyKey":"incident-17520","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:32.425569Z","receivedAt":"2026-05-15T20:52:32.443995Z"},{"id":3427,"fincertId":"FINCERT-2026-003427","incidentId":17517,"idempotencyKey":"incident-17517","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:32.363688Z","receivedAt":"2026-05-15T20:52:32.375858Z"},{"id":3426,"fincertId":"FINCERT-2026-003426","incidentId":17512,"idempotencyKey":"incident-17512","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:32.228107Z","receivedAt":"2026-05-15T20:52:32.244098Z"},{"id":3425,"fincertId":"FINCERT-2026-003425","incidentId":17508,"idempotencyKey":"incident-17508","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:32.083089Z","receivedAt":"2026-05-15T20:52:32.110345Z"},{"id":3424,"fincertId":"FINCERT-2026-003424","incidentId":17495,"idempotencyKey":"incident-17495","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:31.755343Z","receivedAt":"2026-05-15T20:52:31.771026Z"},{"id":3423,"fincertId":"FINCERT-2026-003423","incidentId":17494,"idempotencyKey":"incident-17494","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:31.734157Z","receivedAt":"2026-05-15T20:52:31.747787Z"},{"id":3422,"fincertId":"FINCERT-2026-003422","incidentId":17493,"idempotencyKey":"incident-17493","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:31.675048Z","receivedAt":"2026-05-15T20:52:31.708800Z"},{"id":3421,"fincertId":"FINCERT-2026-003421","incidentId":17492,"idempotencyKey":"incident-17492","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:31.642020Z","receivedAt":"2026-05-15T20:52:31.665055Z"},{"id":3420,"fincertId":"FINCERT-2026-003420","incidentId":17489,"idempotencyKey":"incident-17489","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:31.565837Z","receivedAt":"2026-05-15T20:52:31.579989Z"},{"id":3419,"fincertId":"FINCERT-2026-003419","incidentId":17487,"idempotencyKey":"incident-17487","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:31.517611Z","receivedAt":"2026-05-15T20:52:31.536506Z"},{"id":3418,"fincertId":"FINCERT-2026-003418","incidentId":17484,"idempotencyKey":"incident-17484","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:31.443287Z","receivedAt":"2026-05-15T20:52:31.461765Z"},{"id":3417,"fincertId":"FINCERT-2026-003417","incidentId":17478,"idempotencyKey":"incident-17478","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:31.317463Z","receivedAt":"2026-05-15T20:52:31.343973Z"},{"id":3416,"fincertId":"FINCERT-2026-003416","incidentId":17473,"idempotencyKey":"incident-17473","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:31.221664Z","receivedAt":"2026-05-15T20:52:31.244649Z"},{"id":3415,"fincertId":"FINCERT-2026-003415","incidentId":17471,"idempotencyKey":"incident-17471","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:31.181047Z","receivedAt":"2026-05-15T20:52:31.193781Z"},{"id":3414,"fincertId":"FINCERT-2026-003414","incidentId":17469,"idempotencyKey":"incident-17469","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:31.139156Z","receivedAt":"2026-05-15T20:52:31.151211Z"},{"id":3413,"fincertId":"FINCERT-2026-003413","incidentId":17464,"idempotencyKey":"incident-17464","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:31.052387Z","receivedAt":"2026-05-15T20:52:31.063866Z"},{"id":3412,"fincertId":"FINCERT-2026-003412","incidentId":17463,"idempotencyKey":"incident-17463","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:31.031045Z","receivedAt":"2026-05-15T20:52:31.046094Z"},{"id":3411,"fincertId":"FINCERT-2026-003411","incidentId":17460,"idempotencyKey":"incident-17460","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:30.943076Z","receivedAt":"2026-05-15T20:52:30.956218Z"},{"id":3410,"fincertId":"FINCERT-2026-003410","incidentId":17458,"idempotencyKey":"incident-17458","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:30.898162Z","receivedAt":"2026-05-15T20:52:30.913085Z"},{"id":3409,"fincertId":"FINCERT-2026-003409","incidentId":17451,"idempotencyKey":"incident-17451","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:30.771659Z","receivedAt":"2026-05-15T20:52:30.784874Z"},{"id":3408,"fincertId":"FINCERT-2026-003408","incidentId":17445,"idempotencyKey":"incident-17445","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:30.678739Z","receivedAt":"2026-05-15T20:52:30.693438Z"},{"id":3407,"fincertId":"FINCERT-2026-003407","incidentId":17443,"idempotencyKey":"incident-17443","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:30.632811Z","receivedAt":"2026-05-15T20:52:30.655403Z"},{"id":3406,"fincertId":"FINCERT-2026-003406","incidentId":17438,"idempotencyKey":"incident-17438","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:30.546206Z","receivedAt":"2026-05-15T20:52:30.558739Z"},{"id":3405,"fincertId":"FINCERT-2026-003405","incidentId":17431,"idempotencyKey":"incident-17431","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:30.430368Z","receivedAt":"2026-05-15T20:52:30.443953Z"},{"id":3404,"fincertId":"FINCERT-2026-003404","incidentId":17430,"idempotencyKey":"incident-17430","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:30.405854Z","receivedAt":"2026-05-15T20:52:30.421756Z"},{"id":3403,"fincertId":"FINCERT-2026-003403","incidentId":17429,"idempotencyKey":"incident-17429","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:30.382824Z","receivedAt":"2026-05-15T20:52:30.398500Z"},{"id":3402,"fincertId":"FINCERT-2026-003402","incidentId":17427,"idempotencyKey":"incident-17427","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:30.331334Z","receivedAt":"2026-05-15T20:52:30.353116Z"},{"id":3401,"fincertId":"FINCERT-2026-003401","incidentId":17426,"idempotencyKey":"incident-17426","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:30.302195Z","receivedAt":"2026-05-15T20:52:30.319816Z"},{"id":3400,"fincertId":"FINCERT-2026-003400","incidentId":17425,"idempotencyKey":"incident-17425","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:30.282620Z","receivedAt":"2026-05-15T20:52:30.293610Z"},{"id":3399,"fincertId":"FINCERT-2026-003399","incidentId":17415,"idempotencyKey":"incident-17415","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:30.067878Z","receivedAt":"2026-05-15T20:52:30.082225Z"},{"id":3398,"fincertId":"FINCERT-2026-003398","incidentId":17414,"idempotencyKey":"incident-17414","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:30.048468Z","receivedAt":"2026-05-15T20:52:30.061091Z"},{"id":3397,"fincertId":"FINCERT-2026-003397","incidentId":17410,"idempotencyKey":"incident-17410","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:29.959678Z","receivedAt":"2026-05-15T20:52:29.983589Z"},{"id":3396,"fincertId":"FINCERT-2026-003396","incidentId":17409,"idempotencyKey":"incident-17409","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:29.939063Z","receivedAt":"2026-05-15T20:52:29.951579Z"},{"id":3395,"fincertId":"FINCERT-2026-003395","incidentId":17405,"idempotencyKey":"incident-17405","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:29.867569Z","receivedAt":"2026-05-15T20:52:29.880358Z"},{"id":3394,"fincertId":"FINCERT-2026-003394","incidentId":17403,"idempotencyKey":"incident-17403","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:29.818969Z","receivedAt":"2026-05-15T20:52:29.838744Z"},{"id":3393,"fincertId":"FINCERT-2026-003393","incidentId":17402,"idempotencyKey":"incident-17402","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:29.790400Z","receivedAt":"2026-05-15T20:52:29.809018Z"},{"id":3392,"fincertId":"FINCERT-2026-003392","incidentId":17401,"idempotencyKey":"incident-17401","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:29.769791Z","receivedAt":"2026-05-15T20:52:29.782850Z"},{"id":3391,"fincertId":"FINCERT-2026-003391","incidentId":17400,"idempotencyKey":"incident-17400","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:29.749700Z","receivedAt":"2026-05-15T20:52:29.762436Z"},{"id":3390,"fincertId":"FINCERT-2026-003390","incidentId":17397,"idempotencyKey":"incident-17397","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:29.683821Z","receivedAt":"2026-05-15T20:52:29.704736Z"},{"id":3389,"fincertId":"FINCERT-2026-003389","incidentId":17387,"idempotencyKey":"incident-17387","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:29.464991Z","receivedAt":"2026-05-15T20:52:29.489628Z"},{"id":3388,"fincertId":"FINCERT-2026-003388","incidentId":17384,"idempotencyKey":"incident-17384","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:29.413790Z","receivedAt":"2026-05-15T20:52:29.425621Z"},{"id":3387,"fincertId":"FINCERT-2026-003387","incidentId":17380,"idempotencyKey":"incident-17380","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:29.340661Z","receivedAt":"2026-05-15T20:52:29.363210Z"},{"id":3386,"fincertId":"FINCERT-2026-003386","incidentId":17379,"idempotencyKey":"incident-17379","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:29.302015Z","receivedAt":"2026-05-15T20:52:29.321445Z"},{"id":3385,"fincertId":"FINCERT-2026-003385","incidentId":17371,"idempotencyKey":"incident-17371","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:29.171922Z","receivedAt":"2026-05-15T20:52:29.186767Z"},{"id":3384,"fincertId":"FINCERT-2026-003384","incidentId":17356,"idempotencyKey":"incident-17356","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:28.893953Z","receivedAt":"2026-05-15T20:52:28.905297Z"},{"id":3383,"fincertId":"FINCERT-2026-003383","incidentId":17355,"idempotencyKey":"incident-17355","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:28.875635Z","receivedAt":"2026-05-15T20:52:28.887343Z"},{"id":3382,"fincertId":"FINCERT-2026-003382","incidentId":17350,"idempotencyKey":"incident-17350","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:28.775474Z","receivedAt":"2026-05-15T20:52:28.789201Z"},{"id":3381,"fincertId":"FINCERT-2026-003381","incidentId":17344,"idempotencyKey":"incident-17344","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:28.644694Z","receivedAt":"2026-05-15T20:52:28.660058Z"},{"id":3380,"fincertId":"FINCERT-2026-003380","incidentId":17343,"idempotencyKey":"incident-17343","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:28.616494Z","receivedAt":"2026-05-15T20:52:28.636916Z"},{"id":3379,"fincertId":"FINCERT-2026-003379","incidentId":17342,"idempotencyKey":"incident-17342","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:28.595141Z","receivedAt":"2026-05-15T20:52:28.608608Z"},{"id":3378,"fincertId":"FINCERT-2026-003378","incidentId":17341,"idempotencyKey":"incident-17341","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:28.576252Z","receivedAt":"2026-05-15T20:52:28.588509Z"},{"id":3377,"fincertId":"FINCERT-2026-003377","incidentId":17338,"idempotencyKey":"incident-17338","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:28.515840Z","receivedAt":"2026-05-15T20:52:28.533623Z"},{"id":3376,"fincertId":"FINCERT-2026-003376","incidentId":17337,"idempotencyKey":"incident-17337","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:28.478752Z","receivedAt":"2026-05-15T20:52:28.501805Z"},{"id":3375,"fincertId":"FINCERT-2026-003375","incidentId":17325,"idempotencyKey":"incident-17325","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:28.211839Z","receivedAt":"2026-05-15T20:52:28.226797Z"},{"id":3374,"fincertId":"FINCERT-2026-003374","incidentId":17324,"idempotencyKey":"incident-17324","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:28.156679Z","receivedAt":"2026-05-15T20:52:28.186875Z"},{"id":3373,"fincertId":"FINCERT-2026-003373","incidentId":17322,"idempotencyKey":"incident-17322","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:28.087493Z","receivedAt":"2026-05-15T20:52:28.100630Z"},{"id":3372,"fincertId":"FINCERT-2026-003372","incidentId":17316,"idempotencyKey":"incident-17316","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:27.958313Z","receivedAt":"2026-05-15T20:52:27.976585Z"},{"id":3371,"fincertId":"FINCERT-2026-003371","incidentId":17315,"idempotencyKey":"incident-17315","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:27.940541Z","receivedAt":"2026-05-15T20:52:27.951666Z"},{"id":3370,"fincertId":"FINCERT-2026-003370","incidentId":17311,"idempotencyKey":"incident-17311","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:27.866394Z","receivedAt":"2026-05-15T20:52:27.881385Z"},{"id":3369,"fincertId":"FINCERT-2026-003369","incidentId":17310,"idempotencyKey":"incident-17310","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:27.817674Z","receivedAt":"2026-05-15T20:52:27.852202Z"},{"id":3368,"fincertId":"FINCERT-2026-003368","incidentId":17308,"idempotencyKey":"incident-17308","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:27.765814Z","receivedAt":"2026-05-15T20:52:27.776852Z"},{"id":3367,"fincertId":"FINCERT-2026-003367","incidentId":17301,"idempotencyKey":"incident-17301","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:27.619447Z","receivedAt":"2026-05-15T20:52:27.647942Z"},{"id":3366,"fincertId":"FINCERT-2026-003366","incidentId":17299,"idempotencyKey":"incident-17299","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:27.577158Z","receivedAt":"2026-05-15T20:52:27.590002Z"},{"id":3365,"fincertId":"FINCERT-2026-003365","incidentId":17295,"idempotencyKey":"incident-17295","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:27.484245Z","receivedAt":"2026-05-15T20:52:27.503606Z"},{"id":3364,"fincertId":"FINCERT-2026-003364","incidentId":17294,"idempotencyKey":"incident-17294","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:27.447777Z","receivedAt":"2026-05-15T20:52:27.467050Z"},{"id":3363,"fincertId":"FINCERT-2026-003363","incidentId":17291,"idempotencyKey":"incident-17291","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:27.394544Z","receivedAt":"2026-05-15T20:52:27.409079Z"},{"id":3362,"fincertId":"FINCERT-2026-003362","incidentId":17290,"idempotencyKey":"incident-17290","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:27.344376Z","receivedAt":"2026-05-15T20:52:27.371661Z"},{"id":3361,"fincertId":"FINCERT-2026-003361","incidentId":17283,"idempotencyKey":"incident-17283","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:27.224323Z","receivedAt":"2026-05-15T20:52:27.238720Z"},{"id":3360,"fincertId":"FINCERT-2026-003360","incidentId":17280,"idempotencyKey":"incident-17280","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:27.171064Z","receivedAt":"2026-05-15T20:52:27.184223Z"},{"id":3359,"fincertId":"FINCERT-2026-003359","incidentId":17277,"idempotencyKey":"incident-17277","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:27.111534Z","receivedAt":"2026-05-15T20:52:27.126777Z"},{"id":3358,"fincertId":"FINCERT-2026-003358","incidentId":17267,"idempotencyKey":"incident-17267","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:26.923974Z","receivedAt":"2026-05-15T20:52:26.934558Z"},{"id":3357,"fincertId":"FINCERT-2026-003357","incidentId":17260,"idempotencyKey":"incident-17260","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:26.801843Z","receivedAt":"2026-05-15T20:52:26.821131Z"},{"id":3356,"fincertId":"FINCERT-2026-003356","incidentId":17257,"idempotencyKey":"incident-17257","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:26.746398Z","receivedAt":"2026-05-15T20:52:26.761447Z"},{"id":3355,"fincertId":"FINCERT-2026-003355","incidentId":17255,"idempotencyKey":"incident-17255","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:26.707545Z","receivedAt":"2026-05-15T20:52:26.719538Z"},{"id":3354,"fincertId":"FINCERT-2026-003354","incidentId":17254,"idempotencyKey":"incident-17254","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:26.685643Z","receivedAt":"2026-05-15T20:52:26.699379Z"},{"id":3353,"fincertId":"FINCERT-2026-003353","incidentId":17244,"idempotencyKey":"incident-17244","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:26.521751Z","receivedAt":"2026-05-15T20:52:26.532389Z"},{"id":3352,"fincertId":"FINCERT-2026-003352","incidentId":17243,"idempotencyKey":"incident-17243","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:26.503433Z","receivedAt":"2026-05-15T20:52:26.516141Z"},{"id":3351,"fincertId":"FINCERT-2026-003351","incidentId":17234,"idempotencyKey":"incident-17234","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:26.288882Z","receivedAt":"2026-05-15T20:52:26.307618Z"},{"id":3350,"fincertId":"FINCERT-2026-003350","incidentId":17229,"idempotencyKey":"incident-17229","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:26.198090Z","receivedAt":"2026-05-15T20:52:26.211990Z"},{"id":3349,"fincertId":"FINCERT-2026-003349","incidentId":17228,"idempotencyKey":"incident-17228","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:26.153855Z","receivedAt":"2026-05-15T20:52:26.181557Z"},{"id":3348,"fincertId":"FINCERT-2026-003348","incidentId":17227,"idempotencyKey":"incident-17227","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:26.119601Z","receivedAt":"2026-05-15T20:52:26.144475Z"},{"id":3347,"fincertId":"FINCERT-2026-003347","incidentId":17218,"idempotencyKey":"incident-17218","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:25.914Z","receivedAt":"2026-05-15T20:52:25.926129Z"},{"id":3346,"fincertId":"FINCERT-2026-003346","incidentId":17216,"idempotencyKey":"incident-17216","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:25.878110Z","receivedAt":"2026-05-15T20:52:25.891372Z"},{"id":3345,"fincertId":"FINCERT-2026-003345","incidentId":17215,"idempotencyKey":"incident-17215","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:25.858049Z","receivedAt":"2026-05-15T20:52:25.871403Z"},{"id":3344,"fincertId":"FINCERT-2026-003344","incidentId":17211,"idempotencyKey":"incident-17211","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:25.788471Z","receivedAt":"2026-05-15T20:52:25.803603Z"},{"id":3343,"fincertId":"FINCERT-2026-003343","incidentId":17209,"idempotencyKey":"incident-17209","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:25.753946Z","receivedAt":"2026-05-15T20:52:25.767075Z"},{"id":3342,"fincertId":"FINCERT-2026-003342","incidentId":17206,"idempotencyKey":"incident-17206","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:25.706321Z","receivedAt":"2026-05-15T20:52:25.719060Z"},{"id":3341,"fincertId":"FINCERT-2026-003341","incidentId":17205,"idempotencyKey":"incident-17205","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:25.680567Z","receivedAt":"2026-05-15T20:52:25.693147Z"},{"id":3340,"fincertId":"FINCERT-2026-003340","incidentId":17204,"idempotencyKey":"incident-17204","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:25.651097Z","receivedAt":"2026-05-15T20:52:25.666656Z"},{"id":3339,"fincertId":"FINCERT-2026-003339","incidentId":17203,"idempotencyKey":"incident-17203","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:25.623758Z","receivedAt":"2026-05-15T20:52:25.643097Z"},{"id":3338,"fincertId":"FINCERT-2026-003338","incidentId":17201,"idempotencyKey":"incident-17201","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:25.574623Z","receivedAt":"2026-05-15T20:52:25.595895Z"},{"id":3337,"fincertId":"FINCERT-2026-003337","incidentId":17199,"idempotencyKey":"incident-17199","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:25.537081Z","receivedAt":"2026-05-15T20:52:25.548045Z"},{"id":3336,"fincertId":"FINCERT-2026-003336","incidentId":17190,"idempotencyKey":"incident-17190","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:25.379976Z","receivedAt":"2026-05-15T20:52:25.394473Z"},{"id":3335,"fincertId":"FINCERT-2026-003335","incidentId":17186,"idempotencyKey":"incident-17186","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:25.268307Z","receivedAt":"2026-05-15T20:52:25.281090Z"},{"id":3334,"fincertId":"FINCERT-2026-003334","incidentId":17185,"idempotencyKey":"incident-17185","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:25.251079Z","receivedAt":"2026-05-15T20:52:25.262325Z"},{"id":3333,"fincertId":"FINCERT-2026-003333","incidentId":17184,"idempotencyKey":"incident-17184","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:25.235021Z","receivedAt":"2026-05-15T20:52:25.245626Z"},{"id":3332,"fincertId":"FINCERT-2026-003332","incidentId":17182,"idempotencyKey":"incident-17182","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:25.203964Z","receivedAt":"2026-05-15T20:52:25.214931Z"},{"id":3331,"fincertId":"FINCERT-2026-003331","incidentId":17176,"idempotencyKey":"incident-17176","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:25.110058Z","receivedAt":"2026-05-15T20:52:25.128578Z"},{"id":3330,"fincertId":"FINCERT-2026-003330","incidentId":17175,"idempotencyKey":"incident-17175","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:25.090741Z","receivedAt":"2026-05-15T20:52:25.102282Z"},{"id":3329,"fincertId":"FINCERT-2026-003329","incidentId":17174,"idempotencyKey":"incident-17174","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:25.066944Z","receivedAt":"2026-05-15T20:52:25.085149Z"},{"id":3328,"fincertId":"FINCERT-2026-003328","incidentId":17170,"idempotencyKey":"incident-17170","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:24.986314Z","receivedAt":"2026-05-15T20:52:25.000818Z"},{"id":3327,"fincertId":"FINCERT-2026-003327","incidentId":17165,"idempotencyKey":"incident-17165","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:24.871678Z","receivedAt":"2026-05-15T20:52:24.892655Z"},{"id":3326,"fincertId":"FINCERT-2026-003326","incidentId":17164,"idempotencyKey":"incident-17164","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:24.844901Z","receivedAt":"2026-05-15T20:52:24.862615Z"},{"id":3325,"fincertId":"FINCERT-2026-003325","incidentId":17161,"idempotencyKey":"incident-17161","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:24.766572Z","receivedAt":"2026-05-15T20:52:24.779981Z"},{"id":3324,"fincertId":"FINCERT-2026-003324","incidentId":17156,"idempotencyKey":"incident-17156","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:24.622408Z","receivedAt":"2026-05-15T20:52:24.638897Z"},{"id":3323,"fincertId":"FINCERT-2026-003323","incidentId":17146,"idempotencyKey":"incident-17146","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:24.397350Z","receivedAt":"2026-05-15T20:52:24.411016Z"},{"id":3322,"fincertId":"FINCERT-2026-003322","incidentId":17143,"idempotencyKey":"incident-17143","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:24.345382Z","receivedAt":"2026-05-15T20:52:24.359793Z"},{"id":3321,"fincertId":"FINCERT-2026-003321","incidentId":17139,"idempotencyKey":"incident-17139","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:24.268025Z","receivedAt":"2026-05-15T20:52:24.280968Z"},{"id":3320,"fincertId":"FINCERT-2026-003320","incidentId":17136,"idempotencyKey":"incident-17136","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:24.209867Z","receivedAt":"2026-05-15T20:52:24.223457Z"},{"id":3319,"fincertId":"FINCERT-2026-003319","incidentId":17135,"idempotencyKey":"incident-17135","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:24.188981Z","receivedAt":"2026-05-15T20:52:24.202959Z"},{"id":3318,"fincertId":"FINCERT-2026-003318","incidentId":17131,"idempotencyKey":"incident-17131","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:24.103069Z","receivedAt":"2026-05-15T20:52:24.120868Z"},{"id":3317,"fincertId":"FINCERT-2026-003317","incidentId":17128,"idempotencyKey":"incident-17128","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:24.043729Z","receivedAt":"2026-05-15T20:52:24.057894Z"},{"id":3316,"fincertId":"FINCERT-2026-003316","incidentId":17125,"idempotencyKey":"incident-17125","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:23.975915Z","receivedAt":"2026-05-15T20:52:23.995956Z"},{"id":3315,"fincertId":"FINCERT-2026-003315","incidentId":17122,"idempotencyKey":"incident-17122","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:23.920754Z","receivedAt":"2026-05-15T20:52:23.932486Z"},{"id":3314,"fincertId":"FINCERT-2026-003314","incidentId":17121,"idempotencyKey":"incident-17121","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:23.902412Z","receivedAt":"2026-05-15T20:52:23.914068Z"},{"id":3313,"fincertId":"FINCERT-2026-003313","incidentId":17118,"idempotencyKey":"incident-17118","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:23.839568Z","receivedAt":"2026-05-15T20:52:23.860398Z"},{"id":3312,"fincertId":"FINCERT-2026-003312","incidentId":17117,"idempotencyKey":"incident-17117","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:23.808339Z","receivedAt":"2026-05-15T20:52:23.828978Z"},{"id":3311,"fincertId":"FINCERT-2026-003311","incidentId":17116,"idempotencyKey":"incident-17116","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:23.790492Z","receivedAt":"2026-05-15T20:52:23.800664Z"},{"id":3310,"fincertId":"FINCERT-2026-003310","incidentId":17112,"idempotencyKey":"incident-17112","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:23.706281Z","receivedAt":"2026-05-15T20:52:23.717585Z"},{"id":3309,"fincertId":"FINCERT-2026-003309","incidentId":17107,"idempotencyKey":"incident-17107","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:23.588526Z","receivedAt":"2026-05-15T20:52:23.601364Z"},{"id":3308,"fincertId":"FINCERT-2026-003308","incidentId":17106,"idempotencyKey":"incident-17106","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:23.562590Z","receivedAt":"2026-05-15T20:52:23.574105Z"},{"id":3307,"fincertId":"FINCERT-2026-003307","incidentId":17105,"idempotencyKey":"incident-17105","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:23.544399Z","receivedAt":"2026-05-15T20:52:23.556142Z"},{"id":3306,"fincertId":"FINCERT-2026-003306","incidentId":17103,"idempotencyKey":"incident-17103","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:23.511967Z","receivedAt":"2026-05-15T20:52:23.525155Z"},{"id":3305,"fincertId":"FINCERT-2026-003305","incidentId":17102,"idempotencyKey":"incident-17102","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:23.483870Z","receivedAt":"2026-05-15T20:52:23.506013Z"},{"id":3304,"fincertId":"FINCERT-2026-003304","incidentId":17100,"idempotencyKey":"incident-17100","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:23.443536Z","receivedAt":"2026-05-15T20:52:23.457003Z"},{"id":3303,"fincertId":"FINCERT-2026-003303","incidentId":17099,"idempotencyKey":"incident-17099","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:23.421513Z","receivedAt":"2026-05-15T20:52:23.435952Z"},{"id":3302,"fincertId":"FINCERT-2026-003302","incidentId":17097,"idempotencyKey":"incident-17097","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:23.385375Z","receivedAt":"2026-05-15T20:52:23.400991Z"},{"id":3301,"fincertId":"FINCERT-2026-003301","incidentId":17096,"idempotencyKey":"incident-17096","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:23.349910Z","receivedAt":"2026-05-15T20:52:23.377798Z"},{"id":3300,"fincertId":"FINCERT-2026-003300","incidentId":17095,"idempotencyKey":"incident-17095","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:23.297218Z","receivedAt":"2026-05-15T20:52:23.322390Z"},{"id":3299,"fincertId":"FINCERT-2026-003299","incidentId":17094,"idempotencyKey":"incident-17094","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:23.278673Z","receivedAt":"2026-05-15T20:52:23.290321Z"},{"id":3298,"fincertId":"FINCERT-2026-003298","incidentId":17093,"idempotencyKey":"incident-17093","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:23.253452Z","receivedAt":"2026-05-15T20:52:23.267500Z"},{"id":3297,"fincertId":"FINCERT-2026-003297","incidentId":17091,"idempotencyKey":"incident-17091","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:23.214293Z","receivedAt":"2026-05-15T20:52:23.229002Z"},{"id":3296,"fincertId":"FINCERT-2026-003296","incidentId":17086,"idempotencyKey":"incident-17086","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:23.086075Z","receivedAt":"2026-05-15T20:52:23.099557Z"},{"id":3295,"fincertId":"FINCERT-2026-003295","incidentId":17083,"idempotencyKey":"incident-17083","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:23.037883Z","receivedAt":"2026-05-15T20:52:23.050892Z"},{"id":3294,"fincertId":"FINCERT-2026-003294","incidentId":17078,"idempotencyKey":"incident-17078","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:22.933167Z","receivedAt":"2026-05-15T20:52:22.947191Z"},{"id":3293,"fincertId":"FINCERT-2026-003293","incidentId":17076,"idempotencyKey":"incident-17076","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:22.898471Z","receivedAt":"2026-05-15T20:52:22.912051Z"},{"id":3292,"fincertId":"FINCERT-2026-003292","incidentId":17075,"idempotencyKey":"incident-17075","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:22.871644Z","receivedAt":"2026-05-15T20:52:22.891802Z"},{"id":3291,"fincertId":"FINCERT-2026-003291","incidentId":17073,"idempotencyKey":"incident-17073","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:22.813483Z","receivedAt":"2026-05-15T20:52:22.831969Z"},{"id":3290,"fincertId":"FINCERT-2026-003290","incidentId":17072,"idempotencyKey":"incident-17072","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:22.783095Z","receivedAt":"2026-05-15T20:52:22.797393Z"},{"id":3289,"fincertId":"FINCERT-2026-003289","incidentId":17069,"idempotencyKey":"incident-17069","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:22.715016Z","receivedAt":"2026-05-15T20:52:22.739918Z"},{"id":3288,"fincertId":"FINCERT-2026-003288","incidentId":17061,"idempotencyKey":"incident-17061","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:22.575856Z","receivedAt":"2026-05-15T20:52:22.590230Z"},{"id":3287,"fincertId":"FINCERT-2026-003287","incidentId":17059,"idempotencyKey":"incident-17059","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:22.545239Z","receivedAt":"2026-05-15T20:52:22.556827Z"},{"id":3286,"fincertId":"FINCERT-2026-003286","incidentId":17058,"idempotencyKey":"incident-17058","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:22.518703Z","receivedAt":"2026-05-15T20:52:22.532376Z"},{"id":3285,"fincertId":"FINCERT-2026-003285","incidentId":17057,"idempotencyKey":"incident-17057","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:22.499251Z","receivedAt":"2026-05-15T20:52:22.512307Z"},{"id":3284,"fincertId":"FINCERT-2026-003284","incidentId":17054,"idempotencyKey":"incident-17054","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:22.433575Z","receivedAt":"2026-05-15T20:52:22.444455Z"},{"id":3283,"fincertId":"FINCERT-2026-003283","incidentId":17051,"idempotencyKey":"incident-17051","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:22.383139Z","receivedAt":"2026-05-15T20:52:22.394029Z"},{"id":3282,"fincertId":"FINCERT-2026-003282","incidentId":17050,"idempotencyKey":"incident-17050","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:22.359285Z","receivedAt":"2026-05-15T20:52:22.371234Z"},{"id":3281,"fincertId":"FINCERT-2026-003281","incidentId":17049,"idempotencyKey":"incident-17049","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:22.340397Z","receivedAt":"2026-05-15T20:52:22.353559Z"},{"id":3280,"fincertId":"FINCERT-2026-003280","incidentId":17046,"idempotencyKey":"incident-17046","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:22.278370Z","receivedAt":"2026-05-15T20:52:22.289366Z"},{"id":3279,"fincertId":"FINCERT-2026-003279","incidentId":17042,"idempotencyKey":"incident-17042","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:22.218806Z","receivedAt":"2026-05-15T20:52:22.230923Z"},{"id":3278,"fincertId":"FINCERT-2026-003278","incidentId":17038,"idempotencyKey":"incident-17038","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:22.149438Z","receivedAt":"2026-05-15T20:52:22.167035Z"},{"id":3277,"fincertId":"FINCERT-2026-003277","incidentId":17037,"idempotencyKey":"incident-17037","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:22.099723Z","receivedAt":"2026-05-15T20:52:22.127752Z"},{"id":3276,"fincertId":"FINCERT-2026-003276","incidentId":17036,"idempotencyKey":"incident-17036","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:22.073685Z","receivedAt":"2026-05-15T20:52:22.086952Z"},{"id":3275,"fincertId":"FINCERT-2026-003275","incidentId":17029,"idempotencyKey":"incident-17029","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:21.934860Z","receivedAt":"2026-05-15T20:52:21.946858Z"},{"id":3274,"fincertId":"FINCERT-2026-003274","incidentId":17027,"idempotencyKey":"incident-17027","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:21.897410Z","receivedAt":"2026-05-15T20:52:21.907588Z"},{"id":3273,"fincertId":"FINCERT-2026-003273","incidentId":17026,"idempotencyKey":"incident-17026","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:21.872381Z","receivedAt":"2026-05-15T20:52:21.884390Z"},{"id":3272,"fincertId":"FINCERT-2026-003272","incidentId":17019,"idempotencyKey":"incident-17019","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:21.751955Z","receivedAt":"2026-05-15T20:52:21.765320Z"},{"id":3271,"fincertId":"FINCERT-2026-003271","incidentId":17016,"idempotencyKey":"incident-17016","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:21.699844Z","receivedAt":"2026-05-15T20:52:21.714491Z"},{"id":3270,"fincertId":"FINCERT-2026-003270","incidentId":17014,"idempotencyKey":"incident-17014","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:21.656580Z","receivedAt":"2026-05-15T20:52:21.674025Z"},{"id":3269,"fincertId":"FINCERT-2026-003269","incidentId":17013,"idempotencyKey":"incident-17013","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:21.624687Z","receivedAt":"2026-05-15T20:52:21.643968Z"},{"id":3268,"fincertId":"FINCERT-2026-003268","incidentId":17012,"idempotencyKey":"incident-17012","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:21.600461Z","receivedAt":"2026-05-15T20:52:21.614913Z"},{"id":3267,"fincertId":"FINCERT-2026-003267","incidentId":17004,"idempotencyKey":"incident-17004","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:21.451612Z","receivedAt":"2026-05-15T20:52:21.472057Z"},{"id":3266,"fincertId":"FINCERT-2026-003266","incidentId":16998,"idempotencyKey":"incident-16998","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:21.325162Z","receivedAt":"2026-05-15T20:52:21.351981Z"},{"id":3265,"fincertId":"FINCERT-2026-003265","incidentId":16995,"idempotencyKey":"incident-16995","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:21.263305Z","receivedAt":"2026-05-15T20:52:21.277810Z"},{"id":3264,"fincertId":"FINCERT-2026-003264","incidentId":16994,"idempotencyKey":"incident-16994","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:21.233137Z","receivedAt":"2026-05-15T20:52:21.248683Z"},{"id":3263,"fincertId":"FINCERT-2026-003263","incidentId":16992,"idempotencyKey":"incident-16992","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:21.187120Z","receivedAt":"2026-05-15T20:52:21.201390Z"},{"id":3262,"fincertId":"FINCERT-2026-003262","incidentId":16991,"idempotencyKey":"incident-16991","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:21.160783Z","receivedAt":"2026-05-15T20:52:21.178323Z"},{"id":3261,"fincertId":"FINCERT-2026-003261","incidentId":16989,"idempotencyKey":"incident-16989","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:21.088801Z","receivedAt":"2026-05-15T20:52:21.118327Z"},{"id":3260,"fincertId":"FINCERT-2026-003260","incidentId":16983,"idempotencyKey":"incident-16983","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:20.976132Z","receivedAt":"2026-05-15T20:52:21.003347Z"},{"id":3259,"fincertId":"FINCERT-2026-003259","incidentId":16982,"idempotencyKey":"incident-16982","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:20.939684Z","receivedAt":"2026-05-15T20:52:20.956574Z"},{"id":3258,"fincertId":"FINCERT-2026-003258","incidentId":16978,"idempotencyKey":"incident-16978","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:20.873842Z","receivedAt":"2026-05-15T20:52:20.886112Z"},{"id":3257,"fincertId":"FINCERT-2026-003257","incidentId":16975,"idempotencyKey":"incident-16975","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:20.795861Z","receivedAt":"2026-05-15T20:52:20.823104Z"},{"id":3256,"fincertId":"FINCERT-2026-003256","incidentId":16974,"idempotencyKey":"incident-16974","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:20.766004Z","receivedAt":"2026-05-15T20:52:20.780253Z"},{"id":3255,"fincertId":"FINCERT-2026-003255","incidentId":16969,"idempotencyKey":"incident-16969","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:20.686569Z","receivedAt":"2026-05-15T20:52:20.699573Z"},{"id":3254,"fincertId":"FINCERT-2026-003254","incidentId":16959,"idempotencyKey":"incident-16959","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:20.506508Z","receivedAt":"2026-05-15T20:52:20.521687Z"},{"id":3253,"fincertId":"FINCERT-2026-003253","incidentId":16945,"idempotencyKey":"incident-16945","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:20.228680Z","receivedAt":"2026-05-15T20:52:20.252148Z"},{"id":3252,"fincertId":"FINCERT-2026-003252","incidentId":16942,"idempotencyKey":"incident-16942","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:20.171846Z","receivedAt":"2026-05-15T20:52:20.183501Z"},{"id":3251,"fincertId":"FINCERT-2026-003251","incidentId":16940,"idempotencyKey":"incident-16940","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:20.119038Z","receivedAt":"2026-05-15T20:52:20.146826Z"},{"id":3250,"fincertId":"FINCERT-2026-003250","incidentId":16935,"idempotencyKey":"incident-16935","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:19.952871Z","receivedAt":"2026-05-15T20:52:19.969941Z"},{"id":3249,"fincertId":"FINCERT-2026-003249","incidentId":16934,"idempotencyKey":"incident-16934","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:19.920064Z","receivedAt":"2026-05-15T20:52:19.937402Z"},{"id":3248,"fincertId":"FINCERT-2026-003248","incidentId":16933,"idempotencyKey":"incident-16933","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:19.883701Z","receivedAt":"2026-05-15T20:52:19.908390Z"},{"id":3247,"fincertId":"FINCERT-2026-003247","incidentId":16926,"idempotencyKey":"incident-16926","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:19.757494Z","receivedAt":"2026-05-15T20:52:19.772639Z"},{"id":3246,"fincertId":"FINCERT-2026-003246","incidentId":16922,"idempotencyKey":"incident-16922","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:19.683543Z","receivedAt":"2026-05-15T20:52:19.702571Z"},{"id":3245,"fincertId":"FINCERT-2026-003245","incidentId":16919,"idempotencyKey":"incident-16919","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:19.585736Z","receivedAt":"2026-05-15T20:52:19.599610Z"},{"id":3244,"fincertId":"FINCERT-2026-003244","incidentId":16918,"idempotencyKey":"incident-16918","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:19.557638Z","receivedAt":"2026-05-15T20:52:19.572328Z"},{"id":3243,"fincertId":"FINCERT-2026-003243","incidentId":16913,"idempotencyKey":"incident-16913","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:19.421340Z","receivedAt":"2026-05-15T20:52:19.436870Z"},{"id":3242,"fincertId":"FINCERT-2026-003242","incidentId":16910,"idempotencyKey":"incident-16910","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:19.368661Z","receivedAt":"2026-05-15T20:52:19.382403Z"},{"id":3241,"fincertId":"FINCERT-2026-003241","incidentId":16898,"idempotencyKey":"incident-16898","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:19.114216Z","receivedAt":"2026-05-15T20:52:19.132045Z"},{"id":3240,"fincertId":"FINCERT-2026-003240","incidentId":16897,"idempotencyKey":"incident-16897","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:19.091282Z","receivedAt":"2026-05-15T20:52:19.105123Z"},{"id":3239,"fincertId":"FINCERT-2026-003239","incidentId":16896,"idempotencyKey":"incident-16896","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:19.070717Z","receivedAt":"2026-05-15T20:52:19.083542Z"},{"id":3238,"fincertId":"FINCERT-2026-003238","incidentId":16890,"idempotencyKey":"incident-16890","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:18.924078Z","receivedAt":"2026-05-15T20:52:18.937744Z"},{"id":3237,"fincertId":"FINCERT-2026-003237","incidentId":16887,"idempotencyKey":"incident-16887","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:18.872241Z","receivedAt":"2026-05-15T20:52:18.883593Z"},{"id":3236,"fincertId":"FINCERT-2026-003236","incidentId":16886,"idempotencyKey":"incident-16886","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:18.844436Z","receivedAt":"2026-05-15T20:52:18.864949Z"},{"id":3235,"fincertId":"FINCERT-2026-003235","incidentId":16885,"idempotencyKey":"incident-16885","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:18.797649Z","receivedAt":"2026-05-15T20:52:18.822798Z"},{"id":3234,"fincertId":"FINCERT-2026-003234","incidentId":16881,"idempotencyKey":"incident-16881","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:18.730550Z","receivedAt":"2026-05-15T20:52:18.743653Z"},{"id":3233,"fincertId":"FINCERT-2026-003233","incidentId":16879,"idempotencyKey":"incident-16879","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:18.693243Z","receivedAt":"2026-05-15T20:52:18.707148Z"},{"id":3232,"fincertId":"FINCERT-2026-003232","incidentId":16877,"idempotencyKey":"incident-16877","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:18.654868Z","receivedAt":"2026-05-15T20:52:18.666641Z"},{"id":3231,"fincertId":"FINCERT-2026-003231","incidentId":16872,"idempotencyKey":"incident-16872","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:18.562023Z","receivedAt":"2026-05-15T20:52:18.575381Z"},{"id":3230,"fincertId":"FINCERT-2026-003230","incidentId":16871,"idempotencyKey":"incident-16871","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:18.536159Z","receivedAt":"2026-05-15T20:52:18.553605Z"},{"id":3229,"fincertId":"FINCERT-2026-003229","incidentId":16856,"idempotencyKey":"incident-16856","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:18.264606Z","receivedAt":"2026-05-15T20:52:18.279061Z"},{"id":3228,"fincertId":"FINCERT-2026-003228","incidentId":16852,"idempotencyKey":"incident-16852","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:18.172728Z","receivedAt":"2026-05-15T20:52:18.192014Z"},{"id":3227,"fincertId":"FINCERT-2026-003227","incidentId":16851,"idempotencyKey":"incident-16851","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:18.138084Z","receivedAt":"2026-05-15T20:52:18.157896Z"},{"id":3226,"fincertId":"FINCERT-2026-003226","incidentId":16850,"idempotencyKey":"incident-16850","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:18.104712Z","receivedAt":"2026-05-15T20:52:18.130489Z"},{"id":3225,"fincertId":"FINCERT-2026-003225","incidentId":16847,"idempotencyKey":"incident-16847","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:18.042498Z","receivedAt":"2026-05-15T20:52:18.062311Z"},{"id":3224,"fincertId":"FINCERT-2026-003224","incidentId":16844,"idempotencyKey":"incident-16844","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:17.947118Z","receivedAt":"2026-05-15T20:52:17.968872Z"},{"id":3223,"fincertId":"FINCERT-2026-003223","incidentId":16841,"idempotencyKey":"incident-16841","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:17.883761Z","receivedAt":"2026-05-15T20:52:17.900009Z"},{"id":3222,"fincertId":"FINCERT-2026-003222","incidentId":16840,"idempotencyKey":"incident-16840","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:17.851672Z","receivedAt":"2026-05-15T20:52:17.869037Z"},{"id":3221,"fincertId":"FINCERT-2026-003221","incidentId":16838,"idempotencyKey":"incident-16838","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:17.799136Z","receivedAt":"2026-05-15T20:52:17.817942Z"},{"id":3220,"fincertId":"FINCERT-2026-003220","incidentId":16837,"idempotencyKey":"incident-16837","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:17.777074Z","receivedAt":"2026-05-15T20:52:17.791964Z"},{"id":3219,"fincertId":"FINCERT-2026-003219","incidentId":16835,"idempotencyKey":"incident-16835","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:17.735784Z","receivedAt":"2026-05-15T20:52:17.748922Z"},{"id":3218,"fincertId":"FINCERT-2026-003218","incidentId":16831,"idempotencyKey":"incident-16831","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:17.666073Z","receivedAt":"2026-05-15T20:52:17.678464Z"},{"id":3217,"fincertId":"FINCERT-2026-003217","incidentId":16828,"idempotencyKey":"incident-16828","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:17.602632Z","receivedAt":"2026-05-15T20:52:17.617276Z"},{"id":3216,"fincertId":"FINCERT-2026-003216","incidentId":16821,"idempotencyKey":"incident-16821","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:17.465684Z","receivedAt":"2026-05-15T20:52:17.491096Z"},{"id":3215,"fincertId":"FINCERT-2026-003215","incidentId":16816,"idempotencyKey":"incident-16816","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:17.378688Z","receivedAt":"2026-05-15T20:52:17.393309Z"},{"id":3214,"fincertId":"FINCERT-2026-003214","incidentId":16814,"idempotencyKey":"incident-16814","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:17.344984Z","receivedAt":"2026-05-15T20:52:17.357498Z"},{"id":3213,"fincertId":"FINCERT-2026-003213","incidentId":16812,"idempotencyKey":"incident-16812","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:17.294222Z","receivedAt":"2026-05-15T20:52:17.309914Z"},{"id":3212,"fincertId":"FINCERT-2026-003212","incidentId":16808,"idempotencyKey":"incident-16808","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:17.221585Z","receivedAt":"2026-05-15T20:52:17.237656Z"},{"id":3211,"fincertId":"FINCERT-2026-003211","incidentId":16807,"idempotencyKey":"incident-16807","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:17.197240Z","receivedAt":"2026-05-15T20:52:17.212752Z"},{"id":3210,"fincertId":"FINCERT-2026-003210","incidentId":16804,"idempotencyKey":"incident-16804","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:17.125707Z","receivedAt":"2026-05-15T20:52:17.143211Z"},{"id":3209,"fincertId":"FINCERT-2026-003209","incidentId":16802,"idempotencyKey":"incident-16802","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:17.058377Z","receivedAt":"2026-05-15T20:52:17.073651Z"},{"id":3208,"fincertId":"FINCERT-2026-003208","incidentId":16791,"idempotencyKey":"incident-16791","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:16.501493Z","receivedAt":"2026-05-15T20:52:16.523891Z"},{"id":3207,"fincertId":"FINCERT-2026-003207","incidentId":16788,"idempotencyKey":"incident-16788","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:16.399502Z","receivedAt":"2026-05-15T20:52:16.420730Z"},{"id":3206,"fincertId":"FINCERT-2026-003206","incidentId":16787,"idempotencyKey":"incident-16787","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:16.343066Z","receivedAt":"2026-05-15T20:52:16.369485Z"},{"id":3205,"fincertId":"FINCERT-2026-003205","incidentId":16784,"idempotencyKey":"incident-16784","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:16.260523Z","receivedAt":"2026-05-15T20:52:16.277199Z"},{"id":3204,"fincertId":"FINCERT-2026-003204","incidentId":16783,"idempotencyKey":"incident-16783","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:16.209585Z","receivedAt":"2026-05-15T20:52:16.245928Z"},{"id":3203,"fincertId":"FINCERT-2026-003203","incidentId":16781,"idempotencyKey":"incident-16781","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:16.144999Z","receivedAt":"2026-05-15T20:52:16.167472Z"},{"id":3202,"fincertId":"FINCERT-2026-003202","incidentId":16761,"idempotencyKey":"incident-16761","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:15.664501Z","receivedAt":"2026-05-15T20:52:15.678992Z"},{"id":3201,"fincertId":"FINCERT-2026-003201","incidentId":16760,"idempotencyKey":"incident-16760","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:15.629528Z","receivedAt":"2026-05-15T20:52:15.647492Z"},{"id":3200,"fincertId":"FINCERT-2026-003200","incidentId":16759,"idempotencyKey":"incident-16759","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:15.595026Z","receivedAt":"2026-05-15T20:52:15.616767Z"},{"id":3199,"fincertId":"FINCERT-2026-003199","incidentId":16756,"idempotencyKey":"incident-16756","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:15.528776Z","receivedAt":"2026-05-15T20:52:15.545583Z"},{"id":3198,"fincertId":"FINCERT-2026-003198","incidentId":16755,"idempotencyKey":"incident-16755","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:15.508674Z","receivedAt":"2026-05-15T20:52:15.522144Z"},{"id":3197,"fincertId":"FINCERT-2026-003197","incidentId":16746,"idempotencyKey":"incident-16746","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:15.310445Z","receivedAt":"2026-05-15T20:52:15.327333Z"},{"id":3196,"fincertId":"FINCERT-2026-003196","incidentId":16745,"idempotencyKey":"incident-16745","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:15.273313Z","receivedAt":"2026-05-15T20:52:15.298749Z"},{"id":3195,"fincertId":"FINCERT-2026-003195","incidentId":16737,"idempotencyKey":"incident-16737","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:15.051097Z","receivedAt":"2026-05-15T20:52:15.082323Z"},{"id":3194,"fincertId":"FINCERT-2026-003194","incidentId":16728,"idempotencyKey":"incident-16728","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:14.776435Z","receivedAt":"2026-05-15T20:52:14.789610Z"},{"id":3193,"fincertId":"FINCERT-2026-003193","incidentId":16724,"idempotencyKey":"incident-16724","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:14.702606Z","receivedAt":"2026-05-15T20:52:14.716999Z"},{"id":3192,"fincertId":"FINCERT-2026-003192","incidentId":16721,"idempotencyKey":"incident-16721","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:14.631504Z","receivedAt":"2026-05-15T20:52:14.649803Z"},{"id":3191,"fincertId":"FINCERT-2026-003191","incidentId":16717,"idempotencyKey":"incident-16717","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:14.548409Z","receivedAt":"2026-05-15T20:52:14.564317Z"},{"id":3190,"fincertId":"FINCERT-2026-003190","incidentId":16713,"idempotencyKey":"incident-16713","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:14.466618Z","receivedAt":"2026-05-15T20:52:14.492431Z"},{"id":3189,"fincertId":"FINCERT-2026-003189","incidentId":16704,"idempotencyKey":"incident-16704","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:14.333698Z","receivedAt":"2026-05-15T20:52:14.346716Z"},{"id":3188,"fincertId":"FINCERT-2026-003188","incidentId":16702,"idempotencyKey":"incident-16702","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:14.286072Z","receivedAt":"2026-05-15T20:52:14.298880Z"},{"id":3187,"fincertId":"FINCERT-2026-003187","incidentId":16694,"idempotencyKey":"incident-16694","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:14.161817Z","receivedAt":"2026-05-15T20:52:14.175074Z"},{"id":3186,"fincertId":"FINCERT-2026-003186","incidentId":16691,"idempotencyKey":"incident-16691","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:14.105371Z","receivedAt":"2026-05-15T20:52:14.121614Z"},{"id":3185,"fincertId":"FINCERT-2026-003185","incidentId":16675,"idempotencyKey":"incident-16675","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:13.826939Z","receivedAt":"2026-05-15T20:52:13.849126Z"},{"id":3184,"fincertId":"FINCERT-2026-003184","incidentId":16672,"idempotencyKey":"incident-16672","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:13.763393Z","receivedAt":"2026-05-15T20:52:13.775099Z"},{"id":3183,"fincertId":"FINCERT-2026-003183","incidentId":16668,"idempotencyKey":"incident-16668","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:13.704638Z","receivedAt":"2026-05-15T20:52:13.715234Z"},{"id":3182,"fincertId":"FINCERT-2026-003182","incidentId":16667,"idempotencyKey":"incident-16667","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:13.677215Z","receivedAt":"2026-05-15T20:52:13.691035Z"},{"id":3181,"fincertId":"FINCERT-2026-003181","incidentId":16666,"idempotencyKey":"incident-16666","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:13.634764Z","receivedAt":"2026-05-15T20:52:13.653898Z"},{"id":3180,"fincertId":"FINCERT-2026-003180","incidentId":16665,"idempotencyKey":"incident-16665","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:13.602093Z","receivedAt":"2026-05-15T20:52:13.622913Z"},{"id":3179,"fincertId":"FINCERT-2026-003179","incidentId":16660,"idempotencyKey":"incident-16660","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:13.497214Z","receivedAt":"2026-05-15T20:52:13.515374Z"},{"id":3178,"fincertId":"FINCERT-2026-003178","incidentId":16652,"idempotencyKey":"incident-16652","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:13.364935Z","receivedAt":"2026-05-15T20:52:13.376568Z"},{"id":3177,"fincertId":"FINCERT-2026-003177","incidentId":16644,"idempotencyKey":"incident-16644","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:13.216843Z","receivedAt":"2026-05-15T20:52:13.232370Z"},{"id":3176,"fincertId":"FINCERT-2026-003176","incidentId":16643,"idempotencyKey":"incident-16643","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:13.191243Z","receivedAt":"2026-05-15T20:52:13.207887Z"},{"id":3175,"fincertId":"FINCERT-2026-003175","incidentId":16641,"idempotencyKey":"incident-16641","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:13.156937Z","receivedAt":"2026-05-15T20:52:13.169711Z"},{"id":3174,"fincertId":"FINCERT-2026-003174","incidentId":16639,"idempotencyKey":"incident-16639","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:13.116098Z","receivedAt":"2026-05-15T20:52:13.133047Z"},{"id":3173,"fincertId":"FINCERT-2026-003173","incidentId":16638,"idempotencyKey":"incident-16638","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:13.095068Z","receivedAt":"2026-05-15T20:52:13.108980Z"},{"id":3172,"fincertId":"FINCERT-2026-003172","incidentId":16634,"idempotencyKey":"incident-16634","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:12.993315Z","receivedAt":"2026-05-15T20:52:13.023979Z"},{"id":3171,"fincertId":"FINCERT-2026-003171","incidentId":16630,"idempotencyKey":"incident-16630","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:12.893142Z","receivedAt":"2026-05-15T20:52:12.912010Z"},{"id":3170,"fincertId":"FINCERT-2026-003170","incidentId":16622,"idempotencyKey":"incident-16622","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:12.736690Z","receivedAt":"2026-05-15T20:52:12.751710Z"},{"id":3169,"fincertId":"FINCERT-2026-003169","incidentId":16620,"idempotencyKey":"incident-16620","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:12.689404Z","receivedAt":"2026-05-15T20:52:12.703484Z"},{"id":3168,"fincertId":"FINCERT-2026-003168","incidentId":16619,"idempotencyKey":"incident-16619","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:12.646454Z","receivedAt":"2026-05-15T20:52:12.669456Z"},{"id":3167,"fincertId":"FINCERT-2026-003167","incidentId":16616,"idempotencyKey":"incident-16616","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:12.577833Z","receivedAt":"2026-05-15T20:52:12.591004Z"},{"id":3166,"fincertId":"FINCERT-2026-003166","incidentId":16615,"idempotencyKey":"incident-16615","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:12.554416Z","receivedAt":"2026-05-15T20:52:12.571570Z"},{"id":3165,"fincertId":"FINCERT-2026-003165","incidentId":16614,"idempotencyKey":"incident-16614","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:12.522566Z","receivedAt":"2026-05-15T20:52:12.543057Z"},{"id":3164,"fincertId":"FINCERT-2026-003164","incidentId":16611,"idempotencyKey":"incident-16611","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:12.451808Z","receivedAt":"2026-05-15T20:52:12.477409Z"},{"id":3163,"fincertId":"FINCERT-2026-003163","incidentId":16604,"idempotencyKey":"incident-16604","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:12.311504Z","receivedAt":"2026-05-15T20:52:12.338710Z"},{"id":3162,"fincertId":"FINCERT-2026-003162","incidentId":16603,"idempotencyKey":"incident-16603","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:12.286805Z","receivedAt":"2026-05-15T20:52:12.300556Z"},{"id":3161,"fincertId":"FINCERT-2026-003161","incidentId":16598,"idempotencyKey":"incident-16598","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:12.150639Z","receivedAt":"2026-05-15T20:52:12.185893Z"},{"id":3160,"fincertId":"FINCERT-2026-003160","incidentId":16597,"idempotencyKey":"incident-16597","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:12.090971Z","receivedAt":"2026-05-15T20:52:12.131604Z"},{"id":3159,"fincertId":"FINCERT-2026-003159","incidentId":16595,"idempotencyKey":"incident-16595","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:11.937525Z","receivedAt":"2026-05-15T20:52:11.967830Z"},{"id":3158,"fincertId":"FINCERT-2026-003158","incidentId":16590,"idempotencyKey":"incident-16590","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:11.784417Z","receivedAt":"2026-05-15T20:52:11.831839Z"},{"id":3157,"fincertId":"FINCERT-2026-003157","incidentId":16588,"idempotencyKey":"incident-16588","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:11.740368Z","receivedAt":"2026-05-15T20:52:11.759095Z"},{"id":3156,"fincertId":"FINCERT-2026-003156","incidentId":16587,"idempotencyKey":"incident-16587","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:11.719006Z","receivedAt":"2026-05-15T20:52:11.732859Z"},{"id":3155,"fincertId":"FINCERT-2026-003155","incidentId":16586,"idempotencyKey":"incident-16586","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:11.694394Z","receivedAt":"2026-05-15T20:52:11.710990Z"},{"id":3154,"fincertId":"FINCERT-2026-003154","incidentId":16585,"idempotencyKey":"incident-16585","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:11.667450Z","receivedAt":"2026-05-15T20:52:11.682613Z"},{"id":3153,"fincertId":"FINCERT-2026-003153","incidentId":16582,"idempotencyKey":"incident-16582","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:11.579906Z","receivedAt":"2026-05-15T20:52:11.601009Z"},{"id":3152,"fincertId":"FINCERT-2026-003152","incidentId":16579,"idempotencyKey":"incident-16579","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:11.492291Z","receivedAt":"2026-05-15T20:52:11.513215Z"},{"id":3151,"fincertId":"FINCERT-2026-003151","incidentId":16573,"idempotencyKey":"incident-16573","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:11.365831Z","receivedAt":"2026-05-15T20:52:11.379332Z"},{"id":3150,"fincertId":"FINCERT-2026-003150","incidentId":16572,"idempotencyKey":"incident-16572","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:11.328503Z","receivedAt":"2026-05-15T20:52:11.355896Z"},{"id":3149,"fincertId":"FINCERT-2026-003149","incidentId":16571,"idempotencyKey":"incident-16571","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:11.297136Z","receivedAt":"2026-05-15T20:52:11.317099Z"},{"id":3148,"fincertId":"FINCERT-2026-003148","incidentId":16568,"idempotencyKey":"incident-16568","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:11.241396Z","receivedAt":"2026-05-15T20:52:11.254834Z"},{"id":3147,"fincertId":"FINCERT-2026-003147","incidentId":16565,"idempotencyKey":"incident-16565","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:11.186574Z","receivedAt":"2026-05-15T20:52:11.201438Z"},{"id":3146,"fincertId":"FINCERT-2026-003146","incidentId":16564,"idempotencyKey":"incident-16564","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:11.156815Z","receivedAt":"2026-05-15T20:52:11.170444Z"},{"id":3145,"fincertId":"FINCERT-2026-003145","incidentId":16557,"idempotencyKey":"incident-16557","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:10.971304Z","receivedAt":"2026-05-15T20:52:10.991107Z"},{"id":3144,"fincertId":"FINCERT-2026-003144","incidentId":16546,"idempotencyKey":"incident-16546","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:10.784894Z","receivedAt":"2026-05-15T20:52:10.797343Z"},{"id":3143,"fincertId":"FINCERT-2026-003143","incidentId":16545,"idempotencyKey":"incident-16545","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:10.765436Z","receivedAt":"2026-05-15T20:52:10.776105Z"},{"id":3142,"fincertId":"FINCERT-2026-003142","incidentId":16543,"idempotencyKey":"incident-16543","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:10.732466Z","receivedAt":"2026-05-15T20:52:10.744631Z"},{"id":3141,"fincertId":"FINCERT-2026-003141","incidentId":16538,"idempotencyKey":"incident-16538","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:10.647866Z","receivedAt":"2026-05-15T20:52:10.663019Z"},{"id":3140,"fincertId":"FINCERT-2026-003140","incidentId":16533,"idempotencyKey":"incident-16533","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:10.550354Z","receivedAt":"2026-05-15T20:52:10.562231Z"},{"id":3139,"fincertId":"FINCERT-2026-003139","incidentId":16532,"idempotencyKey":"incident-16532","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:10.531937Z","receivedAt":"2026-05-15T20:52:10.543958Z"},{"id":3138,"fincertId":"FINCERT-2026-003138","incidentId":16530,"idempotencyKey":"incident-16530","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:10.477579Z","receivedAt":"2026-05-15T20:52:10.502018Z"},{"id":3137,"fincertId":"FINCERT-2026-003137","incidentId":16525,"idempotencyKey":"incident-16525","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:10.375683Z","receivedAt":"2026-05-15T20:52:10.390690Z"},{"id":3136,"fincertId":"FINCERT-2026-003136","incidentId":16524,"idempotencyKey":"incident-16524","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:10.350034Z","receivedAt":"2026-05-15T20:52:10.366321Z"},{"id":3135,"fincertId":"FINCERT-2026-003135","incidentId":16521,"idempotencyKey":"incident-16521","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:10.284504Z","receivedAt":"2026-05-15T20:52:10.298078Z"},{"id":3134,"fincertId":"FINCERT-2026-003134","incidentId":16519,"idempotencyKey":"incident-16519","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:10.251502Z","receivedAt":"2026-05-15T20:52:10.262863Z"},{"id":3133,"fincertId":"FINCERT-2026-003133","incidentId":16518,"idempotencyKey":"incident-16518","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:10.231079Z","receivedAt":"2026-05-15T20:52:10.245433Z"},{"id":3132,"fincertId":"FINCERT-2026-003132","incidentId":16517,"idempotencyKey":"incident-16517","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:10.201666Z","receivedAt":"2026-05-15T20:52:10.215961Z"},{"id":3131,"fincertId":"FINCERT-2026-003131","incidentId":16515,"idempotencyKey":"incident-16515","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:10.160399Z","receivedAt":"2026-05-15T20:52:10.176061Z"},{"id":3130,"fincertId":"FINCERT-2026-003130","incidentId":16509,"idempotencyKey":"incident-16509","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:10.042813Z","receivedAt":"2026-05-15T20:52:10.055050Z"},{"id":3129,"fincertId":"FINCERT-2026-003129","incidentId":16506,"idempotencyKey":"incident-16506","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:09.984909Z","receivedAt":"2026-05-15T20:52:09.999453Z"},{"id":3128,"fincertId":"FINCERT-2026-003128","incidentId":16503,"idempotencyKey":"incident-16503","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:09.926027Z","receivedAt":"2026-05-15T20:52:09.939357Z"},{"id":3127,"fincertId":"FINCERT-2026-003127","incidentId":16497,"idempotencyKey":"incident-16497","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:09.809141Z","receivedAt":"2026-05-15T20:52:09.841612Z"},{"id":3126,"fincertId":"FINCERT-2026-003126","incidentId":16487,"idempotencyKey":"incident-16487","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:09.643936Z","receivedAt":"2026-05-15T20:52:09.660036Z"},{"id":3125,"fincertId":"FINCERT-2026-003125","incidentId":16483,"idempotencyKey":"incident-16483","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:09.528949Z","receivedAt":"2026-05-15T20:52:09.559974Z"},{"id":3124,"fincertId":"FINCERT-2026-003124","incidentId":16480,"idempotencyKey":"incident-16480","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:09.425142Z","receivedAt":"2026-05-15T20:52:09.440574Z"},{"id":3123,"fincertId":"FINCERT-2026-003123","incidentId":16479,"idempotencyKey":"incident-16479","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:09.395803Z","receivedAt":"2026-05-15T20:52:09.410110Z"},{"id":3122,"fincertId":"FINCERT-2026-003122","incidentId":16472,"idempotencyKey":"incident-16472","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:09.265790Z","receivedAt":"2026-05-15T20:52:09.279298Z"},{"id":3121,"fincertId":"FINCERT-2026-003121","incidentId":16471,"idempotencyKey":"incident-16471","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:09.233949Z","receivedAt":"2026-05-15T20:52:09.253932Z"},{"id":3120,"fincertId":"FINCERT-2026-003120","incidentId":16470,"idempotencyKey":"incident-16470","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:09.203652Z","receivedAt":"2026-05-15T20:52:09.224570Z"},{"id":3119,"fincertId":"FINCERT-2026-003119","incidentId":16464,"idempotencyKey":"incident-16464","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:09.067638Z","receivedAt":"2026-05-15T20:52:09.083351Z"},{"id":3118,"fincertId":"FINCERT-2026-003118","incidentId":16463,"idempotencyKey":"incident-16463","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:09.041791Z","receivedAt":"2026-05-15T20:52:09.057462Z"},{"id":3117,"fincertId":"FINCERT-2026-003117","incidentId":16462,"idempotencyKey":"incident-16462","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:09.022587Z","receivedAt":"2026-05-15T20:52:09.035512Z"},{"id":3116,"fincertId":"FINCERT-2026-003116","incidentId":16451,"idempotencyKey":"incident-16451","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.814224Z","receivedAt":"2026-05-15T20:52:08.835742Z"},{"id":3115,"fincertId":"FINCERT-2026-003115","incidentId":16450,"idempotencyKey":"incident-16450","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.792152Z","receivedAt":"2026-05-15T20:52:08.807046Z"},{"id":3114,"fincertId":"FINCERT-2026-003114","incidentId":16448,"idempotencyKey":"incident-16448","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.758587Z","receivedAt":"2026-05-15T20:52:08.771085Z"},{"id":3113,"fincertId":"FINCERT-2026-003113","incidentId":16443,"idempotencyKey":"incident-16443","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:08.682228Z","receivedAt":"2026-05-15T20:52:08.695619Z"},{"id":3112,"fincertId":"FINCERT-2026-003112","incidentId":16442,"idempotencyKey":"incident-16442","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.656212Z","receivedAt":"2026-05-15T20:52:08.674837Z"},{"id":3111,"fincertId":"FINCERT-2026-003111","incidentId":16441,"idempotencyKey":"incident-16441","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.612703Z","receivedAt":"2026-05-15T20:52:08.643417Z"},{"id":3110,"fincertId":"FINCERT-2026-003110","incidentId":16440,"idempotencyKey":"incident-16440","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.590511Z","receivedAt":"2026-05-15T20:52:08.604840Z"},{"id":3109,"fincertId":"FINCERT-2026-003109","incidentId":16439,"idempotencyKey":"incident-16439","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:08.572442Z","receivedAt":"2026-05-15T20:52:08.583624Z"},{"id":3108,"fincertId":"FINCERT-2026-003108","incidentId":16437,"idempotencyKey":"incident-16437","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:08.537416Z","receivedAt":"2026-05-15T20:52:08.549925Z"},{"id":3107,"fincertId":"FINCERT-2026-003107","incidentId":16436,"idempotencyKey":"incident-16436","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.516891Z","receivedAt":"2026-05-15T20:52:08.530789Z"},{"id":3106,"fincertId":"FINCERT-2026-003106","incidentId":16432,"idempotencyKey":"incident-16432","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.425233Z","receivedAt":"2026-05-15T20:52:08.438311Z"},{"id":3105,"fincertId":"FINCERT-2026-003105","incidentId":16428,"idempotencyKey":"incident-16428","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:08.359576Z","receivedAt":"2026-05-15T20:52:08.373141Z"},{"id":3104,"fincertId":"FINCERT-2026-003104","incidentId":16424,"idempotencyKey":"incident-16424","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.285165Z","receivedAt":"2026-05-15T20:52:08.297847Z"},{"id":3103,"fincertId":"FINCERT-2026-003103","incidentId":16420,"idempotencyKey":"incident-16420","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.223299Z","receivedAt":"2026-05-15T20:52:08.234858Z"},{"id":3102,"fincertId":"FINCERT-2026-003102","incidentId":16418,"idempotencyKey":"incident-16418","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:08.184095Z","receivedAt":"2026-05-15T20:52:08.197054Z"},{"id":3101,"fincertId":"FINCERT-2026-003101","incidentId":16416,"idempotencyKey":"incident-16416","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:08.142250Z","receivedAt":"2026-05-15T20:52:08.159062Z"},{"id":3100,"fincertId":"FINCERT-2026-003100","incidentId":16413,"idempotencyKey":"incident-16413","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:08.037102Z","receivedAt":"2026-05-15T20:52:08.075358Z"},{"id":3099,"fincertId":"FINCERT-2026-003099","incidentId":16411,"idempotencyKey":"incident-16411","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:07.959780Z","receivedAt":"2026-05-15T20:52:07.991031Z"},{"id":3098,"fincertId":"FINCERT-2026-003098","incidentId":16405,"idempotencyKey":"incident-16405","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:07.839465Z","receivedAt":"2026-05-15T20:52:07.864627Z"},{"id":3097,"fincertId":"FINCERT-2026-003097","incidentId":16398,"idempotencyKey":"incident-16398","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:07.729029Z","receivedAt":"2026-05-15T20:52:07.741796Z"},{"id":3096,"fincertId":"FINCERT-2026-003096","incidentId":16395,"idempotencyKey":"incident-16395","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:07.680129Z","receivedAt":"2026-05-15T20:52:07.694585Z"},{"id":3095,"fincertId":"FINCERT-2026-003095","incidentId":16393,"idempotencyKey":"incident-16393","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:07.634113Z","receivedAt":"2026-05-15T20:52:07.650723Z"},{"id":3094,"fincertId":"FINCERT-2026-003094","incidentId":16392,"idempotencyKey":"incident-16392","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:07.594341Z","receivedAt":"2026-05-15T20:52:07.607703Z"},{"id":3093,"fincertId":"FINCERT-2026-003093","incidentId":16384,"idempotencyKey":"incident-16384","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:07.456909Z","receivedAt":"2026-05-15T20:52:07.474987Z"},{"id":3092,"fincertId":"FINCERT-2026-003092","incidentId":16383,"idempotencyKey":"incident-16383","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:07.433290Z","receivedAt":"2026-05-15T20:52:07.448080Z"},{"id":3091,"fincertId":"FINCERT-2026-003091","incidentId":16374,"idempotencyKey":"incident-16374","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:07.295158Z","receivedAt":"2026-05-15T20:52:07.308035Z"},{"id":3090,"fincertId":"FINCERT-2026-003090","incidentId":16373,"idempotencyKey":"incident-16373","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:07.276616Z","receivedAt":"2026-05-15T20:52:07.288914Z"},{"id":3089,"fincertId":"FINCERT-2026-003089","incidentId":16372,"idempotencyKey":"incident-16372","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:07.252464Z","receivedAt":"2026-05-15T20:52:07.269440Z"},{"id":3088,"fincertId":"FINCERT-2026-003088","incidentId":16367,"idempotencyKey":"incident-16367","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:07.151021Z","receivedAt":"2026-05-15T20:52:07.167913Z"},{"id":3087,"fincertId":"FINCERT-2026-003087","incidentId":16365,"idempotencyKey":"incident-16365","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:07.100887Z","receivedAt":"2026-05-15T20:52:07.119745Z"},{"id":3086,"fincertId":"FINCERT-2026-003086","incidentId":16361,"idempotencyKey":"incident-16361","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:07.042360Z","receivedAt":"2026-05-15T20:52:07.054967Z"},{"id":3085,"fincertId":"FINCERT-2026-003085","incidentId":16360,"idempotencyKey":"incident-16360","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:07.026345Z","receivedAt":"2026-05-15T20:52:07.037079Z"},{"id":3084,"fincertId":"FINCERT-2026-003084","incidentId":16355,"idempotencyKey":"incident-16355","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:06.927142Z","receivedAt":"2026-05-15T20:52:06.939163Z"},{"id":3083,"fincertId":"FINCERT-2026-003083","incidentId":16352,"idempotencyKey":"incident-16352","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:06.879025Z","receivedAt":"2026-05-15T20:52:06.890101Z"},{"id":3082,"fincertId":"FINCERT-2026-003082","incidentId":16348,"idempotencyKey":"incident-16348","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:06.815375Z","receivedAt":"2026-05-15T20:52:06.835779Z"},{"id":3081,"fincertId":"FINCERT-2026-003081","incidentId":16347,"idempotencyKey":"incident-16347","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:06.793465Z","receivedAt":"2026-05-15T20:52:06.807497Z"},{"id":3080,"fincertId":"FINCERT-2026-003080","incidentId":16341,"idempotencyKey":"incident-16341","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:06.699806Z","receivedAt":"2026-05-15T20:52:06.713533Z"},{"id":3079,"fincertId":"FINCERT-2026-003079","incidentId":16340,"idempotencyKey":"incident-16340","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:52:06.648591Z","receivedAt":"2026-05-15T20:52:06.678729Z"},{"id":3078,"fincertId":"FINCERT-2026-003078","incidentId":16338,"idempotencyKey":"incident-16338","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:06.580869Z","receivedAt":"2026-05-15T20:52:06.603847Z"},{"id":3077,"fincertId":"FINCERT-2026-003077","incidentId":16326,"idempotencyKey":"incident-16326","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:06.357082Z","receivedAt":"2026-05-15T20:52:06.373728Z"},{"id":3076,"fincertId":"FINCERT-2026-003076","incidentId":16322,"idempotencyKey":"incident-16322","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:06.236063Z","receivedAt":"2026-05-15T20:52:06.251155Z"},{"id":3075,"fincertId":"FINCERT-2026-003075","incidentId":16319,"idempotencyKey":"incident-16319","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:06.109700Z","receivedAt":"2026-05-15T20:52:06.157636Z"},{"id":3074,"fincertId":"FINCERT-2026-003074","incidentId":16318,"idempotencyKey":"incident-16318","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:05.944825Z","receivedAt":"2026-05-15T20:52:06.028306Z"},{"id":3073,"fincertId":"FINCERT-2026-003073","incidentId":16311,"idempotencyKey":"incident-16311","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:05.718214Z","receivedAt":"2026-05-15T20:52:05.738816Z"},{"id":3072,"fincertId":"FINCERT-2026-003072","incidentId":16310,"idempotencyKey":"incident-16310","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:05.674827Z","receivedAt":"2026-05-15T20:52:05.700372Z"},{"id":3071,"fincertId":"FINCERT-2026-003071","incidentId":16308,"idempotencyKey":"incident-16308","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:05.591096Z","receivedAt":"2026-05-15T20:52:05.622312Z"},{"id":3070,"fincertId":"FINCERT-2026-003070","incidentId":16307,"idempotencyKey":"incident-16307","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:05.571785Z","receivedAt":"2026-05-15T20:52:05.583924Z"},{"id":3069,"fincertId":"FINCERT-2026-003069","incidentId":16305,"idempotencyKey":"incident-16305","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:05.526024Z","receivedAt":"2026-05-15T20:52:05.544883Z"},{"id":3068,"fincertId":"FINCERT-2026-003068","incidentId":16304,"idempotencyKey":"incident-16304","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:05.501307Z","receivedAt":"2026-05-15T20:52:05.518164Z"},{"id":3067,"fincertId":"FINCERT-2026-003067","incidentId":16296,"idempotencyKey":"incident-16296","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:05.361918Z","receivedAt":"2026-05-15T20:52:05.375071Z"},{"id":3066,"fincertId":"FINCERT-2026-003066","incidentId":16295,"idempotencyKey":"incident-16295","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:05.328955Z","receivedAt":"2026-05-15T20:52:05.350559Z"},{"id":3065,"fincertId":"FINCERT-2026-003065","incidentId":16287,"idempotencyKey":"incident-16287","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:05.191626Z","receivedAt":"2026-05-15T20:52:05.203720Z"},{"id":3064,"fincertId":"FINCERT-2026-003064","incidentId":16284,"idempotencyKey":"incident-16284","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:05.135826Z","receivedAt":"2026-05-15T20:52:05.154897Z"},{"id":3063,"fincertId":"FINCERT-2026-003063","incidentId":16278,"idempotencyKey":"incident-16278","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:05.037981Z","receivedAt":"2026-05-15T20:52:05.050147Z"},{"id":3062,"fincertId":"FINCERT-2026-003062","incidentId":16275,"idempotencyKey":"incident-16275","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:04.982537Z","receivedAt":"2026-05-15T20:52:05.000955Z"},{"id":3061,"fincertId":"FINCERT-2026-003061","incidentId":16273,"idempotencyKey":"incident-16273","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:04.926598Z","receivedAt":"2026-05-15T20:52:04.939437Z"},{"id":3060,"fincertId":"FINCERT-2026-003060","incidentId":16269,"idempotencyKey":"incident-16269","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:04.862428Z","receivedAt":"2026-05-15T20:52:04.877104Z"},{"id":3059,"fincertId":"FINCERT-2026-003059","incidentId":16268,"idempotencyKey":"incident-16268","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:04.840766Z","receivedAt":"2026-05-15T20:52:04.856010Z"},{"id":3058,"fincertId":"FINCERT-2026-003058","incidentId":16258,"idempotencyKey":"incident-16258","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:04.684105Z","receivedAt":"2026-05-15T20:52:04.696545Z"},{"id":3057,"fincertId":"FINCERT-2026-003057","incidentId":16257,"idempotencyKey":"incident-16257","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:04.661290Z","receivedAt":"2026-05-15T20:52:04.676659Z"},{"id":3056,"fincertId":"FINCERT-2026-003056","incidentId":16254,"idempotencyKey":"incident-16254","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:04.594924Z","receivedAt":"2026-05-15T20:52:04.609403Z"},{"id":3055,"fincertId":"FINCERT-2026-003055","incidentId":16242,"idempotencyKey":"incident-16242","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:04.408804Z","receivedAt":"2026-05-15T20:52:04.422134Z"},{"id":3054,"fincertId":"FINCERT-2026-003054","incidentId":16239,"idempotencyKey":"incident-16239","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:04.362611Z","receivedAt":"2026-05-15T20:52:04.374334Z"},{"id":3053,"fincertId":"FINCERT-2026-003053","incidentId":16237,"idempotencyKey":"incident-16237","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:04.314734Z","receivedAt":"2026-05-15T20:52:04.335583Z"},{"id":3052,"fincertId":"FINCERT-2026-003052","incidentId":16235,"idempotencyKey":"incident-16235","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:04.282435Z","receivedAt":"2026-05-15T20:52:04.293Z"},{"id":3051,"fincertId":"FINCERT-2026-003051","incidentId":16234,"idempotencyKey":"incident-16234","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:04.266461Z","receivedAt":"2026-05-15T20:52:04.276608Z"},{"id":3050,"fincertId":"FINCERT-2026-003050","incidentId":16230,"idempotencyKey":"incident-16230","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:04.190797Z","receivedAt":"2026-05-15T20:52:04.204982Z"},{"id":3049,"fincertId":"FINCERT-2026-003049","incidentId":16228,"idempotencyKey":"incident-16228","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:52:04.125787Z","receivedAt":"2026-05-15T20:52:04.158285Z"},{"id":3048,"fincertId":"FINCERT-2026-003048","incidentId":16227,"idempotencyKey":"incident-16227","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:04.092730Z","receivedAt":"2026-05-15T20:52:04.112927Z"},{"id":3047,"fincertId":"FINCERT-2026-003047","incidentId":16224,"idempotencyKey":"incident-16224","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:04.038092Z","receivedAt":"2026-05-15T20:52:04.054532Z"},{"id":3046,"fincertId":"FINCERT-2026-003046","incidentId":16223,"idempotencyKey":"incident-16223","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:04.015552Z","receivedAt":"2026-05-15T20:52:04.031490Z"},{"id":3045,"fincertId":"FINCERT-2026-003045","incidentId":16221,"idempotencyKey":"incident-16221","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:03.951665Z","receivedAt":"2026-05-15T20:52:03.970620Z"},{"id":3044,"fincertId":"FINCERT-2026-003044","incidentId":16217,"idempotencyKey":"incident-16217","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:03.889226Z","receivedAt":"2026-05-15T20:52:03.901031Z"},{"id":3043,"fincertId":"FINCERT-2026-003043","incidentId":16215,"idempotencyKey":"incident-16215","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:03.857667Z","receivedAt":"2026-05-15T20:52:03.869575Z"},{"id":3042,"fincertId":"FINCERT-2026-003042","incidentId":16212,"idempotencyKey":"incident-16212","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:03.784103Z","receivedAt":"2026-05-15T20:52:03.798053Z"},{"id":3041,"fincertId":"FINCERT-2026-003041","incidentId":16209,"idempotencyKey":"incident-16209","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:03.727697Z","receivedAt":"2026-05-15T20:52:03.740142Z"},{"id":3040,"fincertId":"FINCERT-2026-003040","incidentId":16207,"idempotencyKey":"incident-16207","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:03.682522Z","receivedAt":"2026-05-15T20:52:03.697697Z"},{"id":3039,"fincertId":"FINCERT-2026-003039","incidentId":16206,"idempotencyKey":"incident-16206","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:03.656689Z","receivedAt":"2026-05-15T20:52:03.674656Z"},{"id":3038,"fincertId":"FINCERT-2026-003038","incidentId":16204,"idempotencyKey":"incident-16204","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:03.597646Z","receivedAt":"2026-05-15T20:52:03.622298Z"},{"id":3037,"fincertId":"FINCERT-2026-003037","incidentId":16202,"idempotencyKey":"incident-16202","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:03.536878Z","receivedAt":"2026-05-15T20:52:03.561429Z"},{"id":3036,"fincertId":"FINCERT-2026-003036","incidentId":16199,"idempotencyKey":"incident-16199","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:03.429131Z","receivedAt":"2026-05-15T20:52:03.445140Z"},{"id":3035,"fincertId":"FINCERT-2026-003035","incidentId":16197,"idempotencyKey":"incident-16197","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:03.388534Z","receivedAt":"2026-05-15T20:52:03.403561Z"},{"id":3034,"fincertId":"FINCERT-2026-003034","incidentId":16192,"idempotencyKey":"incident-16192","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:03.207342Z","receivedAt":"2026-05-15T20:52:03.225843Z"},{"id":3033,"fincertId":"FINCERT-2026-003033","incidentId":16191,"idempotencyKey":"incident-16191","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:03.182468Z","receivedAt":"2026-05-15T20:52:03.199253Z"},{"id":3032,"fincertId":"FINCERT-2026-003032","incidentId":16188,"idempotencyKey":"incident-16188","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:03.056747Z","receivedAt":"2026-05-15T20:52:03.084901Z"},{"id":3031,"fincertId":"FINCERT-2026-003031","incidentId":16187,"idempotencyKey":"incident-16187","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:02.976814Z","receivedAt":"2026-05-15T20:52:03.008120Z"},{"id":3030,"fincertId":"FINCERT-2026-003030","incidentId":16179,"idempotencyKey":"incident-16179","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:02.805166Z","receivedAt":"2026-05-15T20:52:02.837129Z"},{"id":3029,"fincertId":"FINCERT-2026-003029","incidentId":16177,"idempotencyKey":"incident-16177","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:02.767294Z","receivedAt":"2026-05-15T20:52:02.780532Z"},{"id":3028,"fincertId":"FINCERT-2026-003028","incidentId":16175,"idempotencyKey":"incident-16175","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:02.731930Z","receivedAt":"2026-05-15T20:52:02.744405Z"},{"id":3027,"fincertId":"FINCERT-2026-003027","incidentId":16169,"idempotencyKey":"incident-16169","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:02.636746Z","receivedAt":"2026-05-15T20:52:02.653601Z"},{"id":3026,"fincertId":"FINCERT-2026-003026","incidentId":16166,"idempotencyKey":"incident-16166","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:02.565151Z","receivedAt":"2026-05-15T20:52:02.582821Z"},{"id":3025,"fincertId":"FINCERT-2026-003025","incidentId":16165,"idempotencyKey":"incident-16165","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:02.539231Z","receivedAt":"2026-05-15T20:52:02.557674Z"},{"id":3024,"fincertId":"FINCERT-2026-003024","incidentId":16164,"idempotencyKey":"incident-16164","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:02.511219Z","receivedAt":"2026-05-15T20:52:02.530092Z"},{"id":3023,"fincertId":"FINCERT-2026-003023","incidentId":16163,"idempotencyKey":"incident-16163","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:02.463041Z","receivedAt":"2026-05-15T20:52:02.493068Z"},{"id":3022,"fincertId":"FINCERT-2026-003022","incidentId":16150,"idempotencyKey":"incident-16150","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:52:02.188010Z","receivedAt":"2026-05-15T20:52:02.202224Z"},{"id":3021,"fincertId":"FINCERT-2026-003021","incidentId":16147,"idempotencyKey":"incident-16147","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:02.111094Z","receivedAt":"2026-05-15T20:52:02.135644Z"},{"id":3020,"fincertId":"FINCERT-2026-003020","incidentId":16143,"idempotencyKey":"incident-16143","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:01.930374Z","receivedAt":"2026-05-15T20:52:01.945907Z"},{"id":3019,"fincertId":"FINCERT-2026-003019","incidentId":16142,"idempotencyKey":"incident-16142","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:01.906154Z","receivedAt":"2026-05-15T20:52:01.923472Z"},{"id":3018,"fincertId":"FINCERT-2026-003018","incidentId":16139,"idempotencyKey":"incident-16139","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:01.855959Z","receivedAt":"2026-05-15T20:52:01.867997Z"},{"id":3017,"fincertId":"FINCERT-2026-003017","incidentId":16137,"idempotencyKey":"incident-16137","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:01.797914Z","receivedAt":"2026-05-15T20:52:01.820123Z"},{"id":3016,"fincertId":"FINCERT-2026-003016","incidentId":16133,"idempotencyKey":"incident-16133","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:01.727071Z","receivedAt":"2026-05-15T20:52:01.742159Z"},{"id":3015,"fincertId":"FINCERT-2026-003015","incidentId":16130,"idempotencyKey":"incident-16130","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:52:01.640245Z","receivedAt":"2026-05-15T20:52:01.667521Z"},{"id":3014,"fincertId":"FINCERT-2026-003014","incidentId":16122,"idempotencyKey":"incident-16122","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:01.453932Z","receivedAt":"2026-05-15T20:52:01.472221Z"},{"id":3013,"fincertId":"FINCERT-2026-003013","incidentId":16113,"idempotencyKey":"incident-16113","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:01.249459Z","receivedAt":"2026-05-15T20:52:01.264108Z"},{"id":3012,"fincertId":"FINCERT-2026-003012","incidentId":16110,"idempotencyKey":"incident-16110","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:01.190542Z","receivedAt":"2026-05-15T20:52:01.202487Z"},{"id":3011,"fincertId":"FINCERT-2026-003011","incidentId":16105,"idempotencyKey":"incident-16105","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:01.056339Z","receivedAt":"2026-05-15T20:52:01.076864Z"},{"id":3010,"fincertId":"FINCERT-2026-003010","incidentId":16104,"idempotencyKey":"incident-16104","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:01.035769Z","receivedAt":"2026-05-15T20:52:01.049672Z"},{"id":3009,"fincertId":"FINCERT-2026-003009","incidentId":16103,"idempotencyKey":"incident-16103","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:01.012475Z","receivedAt":"2026-05-15T20:52:01.027532Z"},{"id":3008,"fincertId":"FINCERT-2026-003008","incidentId":16100,"idempotencyKey":"incident-16100","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:00.942894Z","receivedAt":"2026-05-15T20:52:00.956925Z"},{"id":3007,"fincertId":"FINCERT-2026-003007","incidentId":16095,"idempotencyKey":"incident-16095","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:00.870521Z","receivedAt":"2026-05-15T20:52:00.883044Z"},{"id":3006,"fincertId":"FINCERT-2026-003006","incidentId":16082,"idempotencyKey":"incident-16082","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:00.649219Z","receivedAt":"2026-05-15T20:52:00.661019Z"},{"id":3005,"fincertId":"FINCERT-2026-003005","incidentId":16080,"idempotencyKey":"incident-16080","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:00.606948Z","receivedAt":"2026-05-15T20:52:00.627755Z"},{"id":3004,"fincertId":"FINCERT-2026-003004","incidentId":16079,"idempotencyKey":"incident-16079","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:00.587448Z","receivedAt":"2026-05-15T20:52:00.598901Z"},{"id":3003,"fincertId":"FINCERT-2026-003003","incidentId":16069,"idempotencyKey":"incident-16069","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:00.380205Z","receivedAt":"2026-05-15T20:52:00.397275Z"},{"id":3002,"fincertId":"FINCERT-2026-003002","incidentId":16066,"idempotencyKey":"incident-16066","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:00.304485Z","receivedAt":"2026-05-15T20:52:00.323736Z"},{"id":3001,"fincertId":"FINCERT-2026-003001","incidentId":16056,"idempotencyKey":"incident-16056","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:52:00.095579Z","receivedAt":"2026-05-15T20:52:00.130686Z"},{"id":3000,"fincertId":"FINCERT-2026-003000","incidentId":16055,"idempotencyKey":"incident-16055","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:52:00.058847Z","receivedAt":"2026-05-15T20:52:00.083804Z"},{"id":2999,"fincertId":"FINCERT-2026-002999","incidentId":16048,"idempotencyKey":"incident-16048","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:59.896050Z","receivedAt":"2026-05-15T20:51:59.909300Z"},{"id":2998,"fincertId":"FINCERT-2026-002998","incidentId":16045,"idempotencyKey":"incident-16045","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:59.830983Z","receivedAt":"2026-05-15T20:51:59.851515Z"},{"id":2997,"fincertId":"FINCERT-2026-002997","incidentId":16041,"idempotencyKey":"incident-16041","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:59.760007Z","receivedAt":"2026-05-15T20:51:59.771088Z"},{"id":2996,"fincertId":"FINCERT-2026-002996","incidentId":16032,"idempotencyKey":"incident-16032","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:59.591193Z","receivedAt":"2026-05-15T20:51:59.607738Z"},{"id":2995,"fincertId":"FINCERT-2026-002995","incidentId":16031,"idempotencyKey":"incident-16031","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:59.570699Z","receivedAt":"2026-05-15T20:51:59.584338Z"},{"id":2994,"fincertId":"FINCERT-2026-002994","incidentId":16027,"idempotencyKey":"incident-16027","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:59.454254Z","receivedAt":"2026-05-15T20:51:59.493924Z"},{"id":2993,"fincertId":"FINCERT-2026-002993","incidentId":16026,"idempotencyKey":"incident-16026","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:59.425081Z","receivedAt":"2026-05-15T20:51:59.445046Z"},{"id":2992,"fincertId":"FINCERT-2026-002992","incidentId":16024,"idempotencyKey":"incident-16024","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:59.365810Z","receivedAt":"2026-05-15T20:51:59.379158Z"},{"id":2991,"fincertId":"FINCERT-2026-002991","incidentId":16021,"idempotencyKey":"incident-16021","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:59.274821Z","receivedAt":"2026-05-15T20:51:59.289375Z"},{"id":2990,"fincertId":"FINCERT-2026-002990","incidentId":16020,"idempotencyKey":"incident-16020","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:59.223859Z","receivedAt":"2026-05-15T20:51:59.258389Z"},{"id":2989,"fincertId":"FINCERT-2026-002989","incidentId":16018,"idempotencyKey":"incident-16018","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:59.183200Z","receivedAt":"2026-05-15T20:51:59.199738Z"},{"id":2988,"fincertId":"FINCERT-2026-002988","incidentId":16017,"idempotencyKey":"incident-16017","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:59.159749Z","receivedAt":"2026-05-15T20:51:59.175381Z"},{"id":2987,"fincertId":"FINCERT-2026-002987","incidentId":16015,"idempotencyKey":"incident-16015","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:59.100807Z","receivedAt":"2026-05-15T20:51:59.132762Z"},{"id":2986,"fincertId":"FINCERT-2026-002986","incidentId":16003,"idempotencyKey":"incident-16003","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:58.743593Z","receivedAt":"2026-05-15T20:51:58.759410Z"},{"id":2985,"fincertId":"FINCERT-2026-002985","incidentId":15997,"idempotencyKey":"incident-15997","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:58.645477Z","receivedAt":"2026-05-15T20:51:58.657967Z"},{"id":2984,"fincertId":"FINCERT-2026-002984","incidentId":15996,"idempotencyKey":"incident-15996","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:58.611531Z","receivedAt":"2026-05-15T20:51:58.636247Z"},{"id":2983,"fincertId":"FINCERT-2026-002983","incidentId":15994,"idempotencyKey":"incident-15994","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:58.567986Z","receivedAt":"2026-05-15T20:51:58.580155Z"},{"id":2982,"fincertId":"FINCERT-2026-002982","incidentId":15989,"idempotencyKey":"incident-15989","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:58.470874Z","receivedAt":"2026-05-15T20:51:58.507671Z"},{"id":2981,"fincertId":"FINCERT-2026-002981","incidentId":15984,"idempotencyKey":"incident-15984","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:58.382341Z","receivedAt":"2026-05-15T20:51:58.394601Z"},{"id":2980,"fincertId":"FINCERT-2026-002980","incidentId":15983,"idempotencyKey":"incident-15983","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:58.345464Z","receivedAt":"2026-05-15T20:51:58.375909Z"},{"id":2979,"fincertId":"FINCERT-2026-002979","incidentId":15982,"idempotencyKey":"incident-15982","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:58.301856Z","receivedAt":"2026-05-15T20:51:58.318728Z"},{"id":2978,"fincertId":"FINCERT-2026-002978","incidentId":15981,"idempotencyKey":"incident-15981","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:58.278815Z","receivedAt":"2026-05-15T20:51:58.294197Z"},{"id":2977,"fincertId":"FINCERT-2026-002977","incidentId":15972,"idempotencyKey":"incident-15972","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:58.080770Z","receivedAt":"2026-05-15T20:51:58.100120Z"},{"id":2976,"fincertId":"FINCERT-2026-002976","incidentId":15971,"idempotencyKey":"incident-15971","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:58.035963Z","receivedAt":"2026-05-15T20:51:58.056894Z"},{"id":2975,"fincertId":"FINCERT-2026-002975","incidentId":15969,"idempotencyKey":"incident-15969","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:57.983795Z","receivedAt":"2026-05-15T20:51:58.002577Z"},{"id":2974,"fincertId":"FINCERT-2026-002974","incidentId":15963,"idempotencyKey":"incident-15963","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.861975Z","receivedAt":"2026-05-15T20:51:57.881572Z"},{"id":2973,"fincertId":"FINCERT-2026-002973","incidentId":15960,"idempotencyKey":"incident-15960","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.785218Z","receivedAt":"2026-05-15T20:51:57.798971Z"},{"id":2972,"fincertId":"FINCERT-2026-002972","incidentId":15958,"idempotencyKey":"incident-15958","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.745633Z","receivedAt":"2026-05-15T20:51:57.760785Z"},{"id":2971,"fincertId":"FINCERT-2026-002971","incidentId":15957,"idempotencyKey":"incident-15957","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.723966Z","receivedAt":"2026-05-15T20:51:57.737551Z"},{"id":2970,"fincertId":"FINCERT-2026-002970","incidentId":15953,"idempotencyKey":"incident-15953","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.652537Z","receivedAt":"2026-05-15T20:51:57.673087Z"},{"id":2969,"fincertId":"FINCERT-2026-002969","incidentId":15951,"idempotencyKey":"incident-15951","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:57.604828Z","receivedAt":"2026-05-15T20:51:57.623056Z"},{"id":2968,"fincertId":"FINCERT-2026-002968","incidentId":15949,"idempotencyKey":"incident-15949","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.554555Z","receivedAt":"2026-05-15T20:51:57.575622Z"},{"id":2967,"fincertId":"FINCERT-2026-002967","incidentId":15946,"idempotencyKey":"incident-15946","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.486814Z","receivedAt":"2026-05-15T20:51:57.509123Z"},{"id":2966,"fincertId":"FINCERT-2026-002966","incidentId":15944,"idempotencyKey":"incident-15944","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:57.442884Z","receivedAt":"2026-05-15T20:51:57.455517Z"},{"id":2965,"fincertId":"FINCERT-2026-002965","incidentId":15941,"idempotencyKey":"incident-15941","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.393200Z","receivedAt":"2026-05-15T20:51:57.406945Z"},{"id":2964,"fincertId":"FINCERT-2026-002964","incidentId":15940,"idempotencyKey":"incident-15940","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.367214Z","receivedAt":"2026-05-15T20:51:57.385136Z"},{"id":2963,"fincertId":"FINCERT-2026-002963","incidentId":15935,"idempotencyKey":"incident-15935","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:57.272508Z","receivedAt":"2026-05-15T20:51:57.286434Z"},{"id":2962,"fincertId":"FINCERT-2026-002962","incidentId":15934,"idempotencyKey":"incident-15934","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:57.254288Z","receivedAt":"2026-05-15T20:51:57.266165Z"},{"id":2961,"fincertId":"FINCERT-2026-002961","incidentId":15929,"idempotencyKey":"incident-15929","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.167551Z","receivedAt":"2026-05-15T20:51:57.180083Z"},{"id":2960,"fincertId":"FINCERT-2026-002960","incidentId":15924,"idempotencyKey":"incident-15924","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:57.067549Z","receivedAt":"2026-05-15T20:51:57.079094Z"},{"id":2959,"fincertId":"FINCERT-2026-002959","incidentId":15917,"idempotencyKey":"incident-15917","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:56.935784Z","receivedAt":"2026-05-15T20:51:56.948498Z"},{"id":2958,"fincertId":"FINCERT-2026-002958","incidentId":15915,"idempotencyKey":"incident-15915","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:56.895105Z","receivedAt":"2026-05-15T20:51:56.910028Z"},{"id":2957,"fincertId":"FINCERT-2026-002957","incidentId":15914,"idempotencyKey":"incident-15914","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:56.870044Z","receivedAt":"2026-05-15T20:51:56.888631Z"},{"id":2956,"fincertId":"FINCERT-2026-002956","incidentId":15913,"idempotencyKey":"incident-15913","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:56.848102Z","receivedAt":"2026-05-15T20:51:56.862648Z"},{"id":2955,"fincertId":"FINCERT-2026-002955","incidentId":15908,"idempotencyKey":"incident-15908","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:56.754445Z","receivedAt":"2026-05-15T20:51:56.765413Z"},{"id":2954,"fincertId":"FINCERT-2026-002954","incidentId":15906,"idempotencyKey":"incident-15906","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:56.705599Z","receivedAt":"2026-05-15T20:51:56.717055Z"},{"id":2953,"fincertId":"FINCERT-2026-002953","incidentId":15904,"idempotencyKey":"incident-15904","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:56.656827Z","receivedAt":"2026-05-15T20:51:56.680004Z"},{"id":2952,"fincertId":"FINCERT-2026-002952","incidentId":15902,"idempotencyKey":"incident-15902","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:56.567469Z","receivedAt":"2026-05-15T20:51:56.595926Z"},{"id":2951,"fincertId":"FINCERT-2026-002951","incidentId":15894,"idempotencyKey":"incident-15894","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:56.405501Z","receivedAt":"2026-05-15T20:51:56.425069Z"},{"id":2950,"fincertId":"FINCERT-2026-002950","incidentId":15889,"idempotencyKey":"incident-15889","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:56.274416Z","receivedAt":"2026-05-15T20:51:56.288523Z"},{"id":2949,"fincertId":"FINCERT-2026-002949","incidentId":15887,"idempotencyKey":"incident-15887","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:56.230111Z","receivedAt":"2026-05-15T20:51:56.251435Z"},{"id":2948,"fincertId":"FINCERT-2026-002948","incidentId":15886,"idempotencyKey":"incident-15886","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:56.203962Z","receivedAt":"2026-05-15T20:51:56.218796Z"},{"id":2947,"fincertId":"FINCERT-2026-002947","incidentId":15884,"idempotencyKey":"incident-15884","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:56.116446Z","receivedAt":"2026-05-15T20:51:56.163414Z"},{"id":2946,"fincertId":"FINCERT-2026-002946","incidentId":15880,"idempotencyKey":"incident-15880","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:56.041135Z","receivedAt":"2026-05-15T20:51:56.057280Z"},{"id":2945,"fincertId":"FINCERT-2026-002945","incidentId":15877,"idempotencyKey":"incident-15877","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:55.955832Z","receivedAt":"2026-05-15T20:51:55.977648Z"},{"id":2944,"fincertId":"FINCERT-2026-002944","incidentId":15875,"idempotencyKey":"incident-15875","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:55.917392Z","receivedAt":"2026-05-15T20:51:55.930612Z"},{"id":2943,"fincertId":"FINCERT-2026-002943","incidentId":15874,"idempotencyKey":"incident-15874","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:55.890418Z","receivedAt":"2026-05-15T20:51:55.902485Z"},{"id":2942,"fincertId":"FINCERT-2026-002942","incidentId":15873,"idempotencyKey":"incident-15873","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:55.864531Z","receivedAt":"2026-05-15T20:51:55.883312Z"},{"id":2941,"fincertId":"FINCERT-2026-002941","incidentId":15871,"idempotencyKey":"incident-15871","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:55.808247Z","receivedAt":"2026-05-15T20:51:55.831623Z"},{"id":2940,"fincertId":"FINCERT-2026-002940","incidentId":15869,"idempotencyKey":"incident-15869","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:55.769951Z","receivedAt":"2026-05-15T20:51:55.782038Z"},{"id":2939,"fincertId":"FINCERT-2026-002939","incidentId":15868,"idempotencyKey":"incident-15868","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:55.747526Z","receivedAt":"2026-05-15T20:51:55.762065Z"},{"id":2938,"fincertId":"FINCERT-2026-002938","incidentId":15866,"idempotencyKey":"incident-15866","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:55.708255Z","receivedAt":"2026-05-15T20:51:55.723534Z"},{"id":2937,"fincertId":"FINCERT-2026-002937","incidentId":15864,"idempotencyKey":"incident-15864","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:55.663547Z","receivedAt":"2026-05-15T20:51:55.678296Z"},{"id":2936,"fincertId":"FINCERT-2026-002936","incidentId":15861,"idempotencyKey":"incident-15861","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:55.591680Z","receivedAt":"2026-05-15T20:51:55.603685Z"},{"id":2935,"fincertId":"FINCERT-2026-002935","incidentId":15857,"idempotencyKey":"incident-15857","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:55.521893Z","receivedAt":"2026-05-15T20:51:55.540810Z"},{"id":2934,"fincertId":"FINCERT-2026-002934","incidentId":15853,"idempotencyKey":"incident-15853","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:55.409762Z","receivedAt":"2026-05-15T20:51:55.427886Z"},{"id":2933,"fincertId":"FINCERT-2026-002933","incidentId":15852,"idempotencyKey":"incident-15852","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:55.390142Z","receivedAt":"2026-05-15T20:51:55.402380Z"},{"id":2932,"fincertId":"FINCERT-2026-002932","incidentId":15851,"idempotencyKey":"incident-15851","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:55.349461Z","receivedAt":"2026-05-15T20:51:55.371708Z"},{"id":2931,"fincertId":"FINCERT-2026-002931","incidentId":15849,"idempotencyKey":"incident-15849","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:55.291552Z","receivedAt":"2026-05-15T20:51:55.308612Z"},{"id":2930,"fincertId":"FINCERT-2026-002930","incidentId":15842,"idempotencyKey":"incident-15842","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:55.167002Z","receivedAt":"2026-05-15T20:51:55.182703Z"},{"id":2929,"fincertId":"FINCERT-2026-002929","incidentId":15839,"idempotencyKey":"incident-15839","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:55.078488Z","receivedAt":"2026-05-15T20:51:55.092443Z"},{"id":2928,"fincertId":"FINCERT-2026-002928","incidentId":15833,"idempotencyKey":"incident-15833","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:54.936109Z","receivedAt":"2026-05-15T20:51:54.948469Z"},{"id":2927,"fincertId":"FINCERT-2026-002927","incidentId":15832,"idempotencyKey":"incident-15832","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:54.917625Z","receivedAt":"2026-05-15T20:51:54.929453Z"},{"id":2926,"fincertId":"FINCERT-2026-002926","incidentId":15831,"idempotencyKey":"incident-15831","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:54.883990Z","receivedAt":"2026-05-15T20:51:54.911767Z"},{"id":2925,"fincertId":"FINCERT-2026-002925","incidentId":15826,"idempotencyKey":"incident-15826","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:54.739209Z","receivedAt":"2026-05-15T20:51:54.751509Z"},{"id":2924,"fincertId":"FINCERT-2026-002924","incidentId":15825,"idempotencyKey":"incident-15825","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:54.712241Z","receivedAt":"2026-05-15T20:51:54.724405Z"},{"id":2923,"fincertId":"FINCERT-2026-002923","incidentId":15820,"idempotencyKey":"incident-15820","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:54.604528Z","receivedAt":"2026-05-15T20:51:54.624731Z"},{"id":2922,"fincertId":"FINCERT-2026-002922","incidentId":15818,"idempotencyKey":"incident-15818","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:54.568920Z","receivedAt":"2026-05-15T20:51:54.580165Z"},{"id":2921,"fincertId":"FINCERT-2026-002921","incidentId":15817,"idempotencyKey":"incident-15817","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:54.551944Z","receivedAt":"2026-05-15T20:51:54.562643Z"},{"id":2920,"fincertId":"FINCERT-2026-002920","incidentId":15814,"idempotencyKey":"incident-15814","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:54.504017Z","receivedAt":"2026-05-15T20:51:54.517456Z"},{"id":2919,"fincertId":"FINCERT-2026-002919","incidentId":15810,"idempotencyKey":"incident-15810","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:54.420503Z","receivedAt":"2026-05-15T20:51:54.433156Z"},{"id":2918,"fincertId":"FINCERT-2026-002918","incidentId":15807,"idempotencyKey":"incident-15807","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:54.354451Z","receivedAt":"2026-05-15T20:51:54.373702Z"},{"id":2917,"fincertId":"FINCERT-2026-002917","incidentId":15802,"idempotencyKey":"incident-15802","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:54.250574Z","receivedAt":"2026-05-15T20:51:54.262981Z"},{"id":2916,"fincertId":"FINCERT-2026-002916","incidentId":15797,"idempotencyKey":"incident-15797","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:54.169617Z","receivedAt":"2026-05-15T20:51:54.182661Z"},{"id":2915,"fincertId":"FINCERT-2026-002915","incidentId":15795,"idempotencyKey":"incident-15795","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:54.122116Z","receivedAt":"2026-05-15T20:51:54.145541Z"},{"id":2914,"fincertId":"FINCERT-2026-002914","incidentId":15794,"idempotencyKey":"incident-15794","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:54.076904Z","receivedAt":"2026-05-15T20:51:54.100333Z"},{"id":2913,"fincertId":"FINCERT-2026-002913","incidentId":15792,"idempotencyKey":"incident-15792","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:53.997661Z","receivedAt":"2026-05-15T20:51:54.030087Z"},{"id":2912,"fincertId":"FINCERT-2026-002912","incidentId":15791,"idempotencyKey":"incident-15791","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:53.950086Z","receivedAt":"2026-05-15T20:51:53.977020Z"},{"id":2911,"fincertId":"FINCERT-2026-002911","incidentId":15789,"idempotencyKey":"incident-15789","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:53.896711Z","receivedAt":"2026-05-15T20:51:53.919497Z"},{"id":2910,"fincertId":"FINCERT-2026-002910","incidentId":15784,"idempotencyKey":"incident-15784","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:53.801135Z","receivedAt":"2026-05-15T20:51:53.818477Z"},{"id":2909,"fincertId":"FINCERT-2026-002909","incidentId":15783,"idempotencyKey":"incident-15783","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:53.780862Z","receivedAt":"2026-05-15T20:51:53.794974Z"},{"id":2908,"fincertId":"FINCERT-2026-002908","incidentId":15781,"idempotencyKey":"incident-15781","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:53.739245Z","receivedAt":"2026-05-15T20:51:53.751514Z"},{"id":2907,"fincertId":"FINCERT-2026-002907","incidentId":15776,"idempotencyKey":"incident-15776","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:53.643567Z","receivedAt":"2026-05-15T20:51:53.663158Z"},{"id":2906,"fincertId":"FINCERT-2026-002906","incidentId":15774,"idempotencyKey":"incident-15774","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:53.592437Z","receivedAt":"2026-05-15T20:51:53.609647Z"},{"id":2905,"fincertId":"FINCERT-2026-002905","incidentId":15769,"idempotencyKey":"incident-15769","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:53.516523Z","receivedAt":"2026-05-15T20:51:53.529892Z"},{"id":2904,"fincertId":"FINCERT-2026-002904","incidentId":15764,"idempotencyKey":"incident-15764","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:53.411816Z","receivedAt":"2026-05-15T20:51:53.426434Z"},{"id":2903,"fincertId":"FINCERT-2026-002903","incidentId":15763,"idempotencyKey":"incident-15763","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:53.368226Z","receivedAt":"2026-05-15T20:51:53.388119Z"},{"id":2902,"fincertId":"FINCERT-2026-002902","incidentId":15762,"idempotencyKey":"incident-15762","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:53.331856Z","receivedAt":"2026-05-15T20:51:53.357752Z"},{"id":2901,"fincertId":"FINCERT-2026-002901","incidentId":15758,"idempotencyKey":"incident-15758","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:53.234140Z","receivedAt":"2026-05-15T20:51:53.251357Z"},{"id":2900,"fincertId":"FINCERT-2026-002900","incidentId":15757,"idempotencyKey":"incident-15757","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:53.195949Z","receivedAt":"2026-05-15T20:51:53.212238Z"},{"id":2899,"fincertId":"FINCERT-2026-002899","incidentId":15751,"idempotencyKey":"incident-15751","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:53.056958Z","receivedAt":"2026-05-15T20:51:53.069844Z"},{"id":2898,"fincertId":"FINCERT-2026-002898","incidentId":15745,"idempotencyKey":"incident-15745","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:52.948543Z","receivedAt":"2026-05-15T20:51:52.966534Z"},{"id":2897,"fincertId":"FINCERT-2026-002897","incidentId":15743,"idempotencyKey":"incident-15743","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:52.916105Z","receivedAt":"2026-05-15T20:51:52.929323Z"},{"id":2896,"fincertId":"FINCERT-2026-002896","incidentId":15739,"idempotencyKey":"incident-15739","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:52.848367Z","receivedAt":"2026-05-15T20:51:52.861896Z"},{"id":2895,"fincertId":"FINCERT-2026-002895","incidentId":15737,"idempotencyKey":"incident-15737","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:52.799129Z","receivedAt":"2026-05-15T20:51:52.816772Z"},{"id":2894,"fincertId":"FINCERT-2026-002894","incidentId":15733,"idempotencyKey":"incident-15733","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:52.724141Z","receivedAt":"2026-05-15T20:51:52.735497Z"},{"id":2893,"fincertId":"FINCERT-2026-002893","incidentId":15729,"idempotencyKey":"incident-15729","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:52.654555Z","receivedAt":"2026-05-15T20:51:52.669348Z"},{"id":2892,"fincertId":"FINCERT-2026-002892","incidentId":15727,"idempotencyKey":"incident-15727","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:52.595049Z","receivedAt":"2026-05-15T20:51:52.612773Z"},{"id":2891,"fincertId":"FINCERT-2026-002891","incidentId":15721,"idempotencyKey":"incident-15721","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:52.491153Z","receivedAt":"2026-05-15T20:51:52.512676Z"},{"id":2890,"fincertId":"FINCERT-2026-002890","incidentId":15717,"idempotencyKey":"incident-15717","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:52.413425Z","receivedAt":"2026-05-15T20:51:52.426333Z"},{"id":2889,"fincertId":"FINCERT-2026-002889","incidentId":15712,"idempotencyKey":"incident-15712","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:52.336393Z","receivedAt":"2026-05-15T20:51:52.348056Z"},{"id":2888,"fincertId":"FINCERT-2026-002888","incidentId":15704,"idempotencyKey":"incident-15704","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:52.180024Z","receivedAt":"2026-05-15T20:51:52.199483Z"},{"id":2887,"fincertId":"FINCERT-2026-002887","incidentId":15702,"idempotencyKey":"incident-15702","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:52.112597Z","receivedAt":"2026-05-15T20:51:52.138373Z"},{"id":2886,"fincertId":"FINCERT-2026-002886","incidentId":15701,"idempotencyKey":"incident-15701","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:52.084658Z","receivedAt":"2026-05-15T20:51:52.101493Z"},{"id":2885,"fincertId":"FINCERT-2026-002885","incidentId":15699,"idempotencyKey":"incident-15699","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:51.996724Z","receivedAt":"2026-05-15T20:51:52.036567Z"},{"id":2884,"fincertId":"FINCERT-2026-002884","incidentId":15695,"idempotencyKey":"incident-15695","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:51.910025Z","receivedAt":"2026-05-15T20:51:51.922090Z"},{"id":2883,"fincertId":"FINCERT-2026-002883","incidentId":15690,"idempotencyKey":"incident-15690","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:51.787458Z","receivedAt":"2026-05-15T20:51:51.800592Z"},{"id":2882,"fincertId":"FINCERT-2026-002882","incidentId":15685,"idempotencyKey":"incident-15685","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:51.702803Z","receivedAt":"2026-05-15T20:51:51.716351Z"},{"id":2881,"fincertId":"FINCERT-2026-002881","incidentId":15684,"idempotencyKey":"incident-15684","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:51.672594Z","receivedAt":"2026-05-15T20:51:51.692816Z"},{"id":2880,"fincertId":"FINCERT-2026-002880","incidentId":15680,"idempotencyKey":"incident-15680","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:51.569568Z","receivedAt":"2026-05-15T20:51:51.582772Z"},{"id":2879,"fincertId":"FINCERT-2026-002879","incidentId":15678,"idempotencyKey":"incident-15678","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:51.532969Z","receivedAt":"2026-05-15T20:51:51.547040Z"},{"id":2878,"fincertId":"FINCERT-2026-002878","incidentId":15665,"idempotencyKey":"incident-15665","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:51.274400Z","receivedAt":"2026-05-15T20:51:51.288523Z"},{"id":2877,"fincertId":"FINCERT-2026-002877","incidentId":15660,"idempotencyKey":"incident-15660","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:51.134250Z","receivedAt":"2026-05-15T20:51:51.154968Z"},{"id":2876,"fincertId":"FINCERT-2026-002876","incidentId":15658,"idempotencyKey":"incident-15658","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:51.070316Z","receivedAt":"2026-05-15T20:51:51.084204Z"},{"id":2875,"fincertId":"FINCERT-2026-002875","incidentId":15657,"idempotencyKey":"incident-15657","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:51.034802Z","receivedAt":"2026-05-15T20:51:51.061237Z"},{"id":2874,"fincertId":"FINCERT-2026-002874","incidentId":15654,"idempotencyKey":"incident-15654","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:50.943235Z","receivedAt":"2026-05-15T20:51:50.977281Z"},{"id":2873,"fincertId":"FINCERT-2026-002873","incidentId":15653,"idempotencyKey":"incident-15653","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:50.906993Z","receivedAt":"2026-05-15T20:51:50.924808Z"},{"id":2872,"fincertId":"FINCERT-2026-002872","incidentId":15652,"idempotencyKey":"incident-15652","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:50.885684Z","receivedAt":"2026-05-15T20:51:50.898340Z"},{"id":2871,"fincertId":"FINCERT-2026-002871","incidentId":15639,"idempotencyKey":"incident-15639","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:50.592868Z","receivedAt":"2026-05-15T20:51:50.614458Z"},{"id":2870,"fincertId":"FINCERT-2026-002870","incidentId":15633,"idempotencyKey":"incident-15633","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:50.442010Z","receivedAt":"2026-05-15T20:51:50.458087Z"},{"id":2869,"fincertId":"FINCERT-2026-002869","incidentId":15630,"idempotencyKey":"incident-15630","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:50.391507Z","receivedAt":"2026-05-15T20:51:50.404811Z"},{"id":2868,"fincertId":"FINCERT-2026-002868","incidentId":15629,"idempotencyKey":"incident-15629","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:50.362449Z","receivedAt":"2026-05-15T20:51:50.375947Z"},{"id":2867,"fincertId":"FINCERT-2026-002867","incidentId":15626,"idempotencyKey":"incident-15626","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:50.292443Z","receivedAt":"2026-05-15T20:51:50.307314Z"},{"id":2866,"fincertId":"FINCERT-2026-002866","incidentId":15623,"idempotencyKey":"incident-15623","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:50.244793Z","receivedAt":"2026-05-15T20:51:50.259063Z"},{"id":2865,"fincertId":"FINCERT-2026-002865","incidentId":15621,"idempotencyKey":"incident-15621","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:50.205058Z","receivedAt":"2026-05-15T20:51:50.219791Z"},{"id":2864,"fincertId":"FINCERT-2026-002864","incidentId":15618,"idempotencyKey":"incident-15618","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:50.148886Z","receivedAt":"2026-05-15T20:51:50.162685Z"},{"id":2863,"fincertId":"FINCERT-2026-002863","incidentId":15612,"idempotencyKey":"incident-15612","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:50.021823Z","receivedAt":"2026-05-15T20:51:50.034902Z"},{"id":2862,"fincertId":"FINCERT-2026-002862","incidentId":15604,"idempotencyKey":"incident-15604","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:49.836236Z","receivedAt":"2026-05-15T20:51:49.863318Z"},{"id":2861,"fincertId":"FINCERT-2026-002861","incidentId":15603,"idempotencyKey":"incident-15603","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:49.794113Z","receivedAt":"2026-05-15T20:51:49.811067Z"},{"id":2860,"fincertId":"FINCERT-2026-002860","incidentId":15600,"idempotencyKey":"incident-15600","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:49.724815Z","receivedAt":"2026-05-15T20:51:49.753538Z"},{"id":2859,"fincertId":"FINCERT-2026-002859","incidentId":15599,"idempotencyKey":"incident-15599","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:49.652550Z","receivedAt":"2026-05-15T20:51:49.691288Z"},{"id":2858,"fincertId":"FINCERT-2026-002858","incidentId":15597,"idempotencyKey":"incident-15597","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:49.587531Z","receivedAt":"2026-05-15T20:51:49.601150Z"},{"id":2857,"fincertId":"FINCERT-2026-002857","incidentId":15596,"idempotencyKey":"incident-15596","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:49.566450Z","receivedAt":"2026-05-15T20:51:49.581325Z"},{"id":2856,"fincertId":"FINCERT-2026-002856","incidentId":15592,"idempotencyKey":"incident-15592","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:49.502317Z","receivedAt":"2026-05-15T20:51:49.514882Z"},{"id":2855,"fincertId":"FINCERT-2026-002855","incidentId":15587,"idempotencyKey":"incident-15587","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:49.407996Z","receivedAt":"2026-05-15T20:51:49.422240Z"},{"id":2854,"fincertId":"FINCERT-2026-002854","incidentId":15586,"idempotencyKey":"incident-15586","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:49.381576Z","receivedAt":"2026-05-15T20:51:49.400340Z"},{"id":2853,"fincertId":"FINCERT-2026-002853","incidentId":15582,"idempotencyKey":"incident-15582","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:49.282113Z","receivedAt":"2026-05-15T20:51:49.294677Z"},{"id":2852,"fincertId":"FINCERT-2026-002852","incidentId":15574,"idempotencyKey":"incident-15574","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:49.131871Z","receivedAt":"2026-05-15T20:51:49.152052Z"},{"id":2851,"fincertId":"FINCERT-2026-002851","incidentId":15572,"idempotencyKey":"incident-15572","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:49.087552Z","receivedAt":"2026-05-15T20:51:49.099530Z"},{"id":2850,"fincertId":"FINCERT-2026-002850","incidentId":15570,"idempotencyKey":"incident-15570","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:49.051869Z","receivedAt":"2026-05-15T20:51:49.065993Z"},{"id":2849,"fincertId":"FINCERT-2026-002849","incidentId":15567,"idempotencyKey":"incident-15567","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:48.991205Z","receivedAt":"2026-05-15T20:51:49.009704Z"},{"id":2848,"fincertId":"FINCERT-2026-002848","incidentId":15566,"idempotencyKey":"incident-15566","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:48.951864Z","receivedAt":"2026-05-15T20:51:48.978520Z"},{"id":2847,"fincertId":"FINCERT-2026-002847","incidentId":15562,"idempotencyKey":"incident-15562","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:48.890717Z","receivedAt":"2026-05-15T20:51:48.901984Z"},{"id":2846,"fincertId":"FINCERT-2026-002846","incidentId":15557,"idempotencyKey":"incident-15557","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:48.763605Z","receivedAt":"2026-05-15T20:51:48.777499Z"},{"id":2845,"fincertId":"FINCERT-2026-002845","incidentId":15556,"idempotencyKey":"incident-15556","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:48.742027Z","receivedAt":"2026-05-15T20:51:48.756826Z"},{"id":2844,"fincertId":"FINCERT-2026-002844","incidentId":15555,"idempotencyKey":"incident-15555","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:48.717117Z","receivedAt":"2026-05-15T20:51:48.733443Z"},{"id":2843,"fincertId":"FINCERT-2026-002843","incidentId":15553,"idempotencyKey":"incident-15553","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:48.684339Z","receivedAt":"2026-05-15T20:51:48.695206Z"},{"id":2842,"fincertId":"FINCERT-2026-002842","incidentId":15549,"idempotencyKey":"incident-15549","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:48.601667Z","receivedAt":"2026-05-15T20:51:48.616811Z"},{"id":2841,"fincertId":"FINCERT-2026-002841","incidentId":15547,"idempotencyKey":"incident-15547","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:48.569534Z","receivedAt":"2026-05-15T20:51:48.581677Z"},{"id":2840,"fincertId":"FINCERT-2026-002840","incidentId":15546,"idempotencyKey":"incident-15546","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:48.550840Z","receivedAt":"2026-05-15T20:51:48.563077Z"},{"id":2839,"fincertId":"FINCERT-2026-002839","incidentId":15544,"idempotencyKey":"incident-15544","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:48.503625Z","receivedAt":"2026-05-15T20:51:48.529679Z"},{"id":2838,"fincertId":"FINCERT-2026-002838","incidentId":15532,"idempotencyKey":"incident-15532","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:48.228911Z","receivedAt":"2026-05-15T20:51:48.247009Z"},{"id":2837,"fincertId":"FINCERT-2026-002837","incidentId":15531,"idempotencyKey":"incident-15531","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:48.186064Z","receivedAt":"2026-05-15T20:51:48.203073Z"},{"id":2836,"fincertId":"FINCERT-2026-002836","incidentId":15524,"idempotencyKey":"incident-15524","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:48.019198Z","receivedAt":"2026-05-15T20:51:48.036920Z"},{"id":2835,"fincertId":"FINCERT-2026-002835","incidentId":15522,"idempotencyKey":"incident-15522","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:47.962082Z","receivedAt":"2026-05-15T20:51:47.977493Z"},{"id":2834,"fincertId":"FINCERT-2026-002834","incidentId":15519,"idempotencyKey":"incident-15519","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:47.877954Z","receivedAt":"2026-05-15T20:51:47.895414Z"},{"id":2833,"fincertId":"FINCERT-2026-002833","incidentId":15518,"idempotencyKey":"incident-15518","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:47.833041Z","receivedAt":"2026-05-15T20:51:47.857979Z"},{"id":2832,"fincertId":"FINCERT-2026-002832","incidentId":15517,"idempotencyKey":"incident-15517","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:47.796438Z","receivedAt":"2026-05-15T20:51:47.812383Z"},{"id":2831,"fincertId":"FINCERT-2026-002831","incidentId":15515,"idempotencyKey":"incident-15515","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:47.762288Z","receivedAt":"2026-05-15T20:51:47.774909Z"},{"id":2830,"fincertId":"FINCERT-2026-002830","incidentId":15508,"idempotencyKey":"incident-15508","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:47.600372Z","receivedAt":"2026-05-15T20:51:47.630725Z"},{"id":2829,"fincertId":"FINCERT-2026-002829","incidentId":15501,"idempotencyKey":"incident-15501","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:47.484125Z","receivedAt":"2026-05-15T20:51:47.500887Z"},{"id":2828,"fincertId":"FINCERT-2026-002828","incidentId":15500,"idempotencyKey":"incident-15500","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:47.443588Z","receivedAt":"2026-05-15T20:51:47.459889Z"},{"id":2827,"fincertId":"FINCERT-2026-002827","incidentId":15497,"idempotencyKey":"incident-15497","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:47.389021Z","receivedAt":"2026-05-15T20:51:47.403015Z"},{"id":2826,"fincertId":"FINCERT-2026-002826","incidentId":15496,"idempotencyKey":"incident-15496","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:47.344476Z","receivedAt":"2026-05-15T20:51:47.369504Z"},{"id":2825,"fincertId":"FINCERT-2026-002825","incidentId":15476,"idempotencyKey":"incident-15476","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:46.931673Z","receivedAt":"2026-05-15T20:51:46.944005Z"},{"id":2824,"fincertId":"FINCERT-2026-002824","incidentId":15467,"idempotencyKey":"incident-15467","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:46.766011Z","receivedAt":"2026-05-15T20:51:46.778253Z"},{"id":2823,"fincertId":"FINCERT-2026-002823","incidentId":15466,"idempotencyKey":"incident-15466","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:46.732794Z","receivedAt":"2026-05-15T20:51:46.747864Z"},{"id":2822,"fincertId":"FINCERT-2026-002822","incidentId":15465,"idempotencyKey":"incident-15465","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:46.709889Z","receivedAt":"2026-05-15T20:51:46.724109Z"},{"id":2821,"fincertId":"FINCERT-2026-002821","incidentId":15460,"idempotencyKey":"incident-15460","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:46.589025Z","receivedAt":"2026-05-15T20:51:46.612890Z"},{"id":2820,"fincertId":"FINCERT-2026-002820","incidentId":15455,"idempotencyKey":"incident-15455","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:46.464938Z","receivedAt":"2026-05-15T20:51:46.482142Z"},{"id":2819,"fincertId":"FINCERT-2026-002819","incidentId":15448,"idempotencyKey":"incident-15448","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:46.357963Z","receivedAt":"2026-05-15T20:51:46.373006Z"},{"id":2818,"fincertId":"FINCERT-2026-002818","incidentId":15443,"idempotencyKey":"incident-15443","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:46.260519Z","receivedAt":"2026-05-15T20:51:46.271057Z"},{"id":2817,"fincertId":"FINCERT-2026-002817","incidentId":15437,"idempotencyKey":"incident-15437","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:46.164387Z","receivedAt":"2026-05-15T20:51:46.179586Z"},{"id":2816,"fincertId":"FINCERT-2026-002816","incidentId":15436,"idempotencyKey":"incident-15436","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:46.100635Z","receivedAt":"2026-05-15T20:51:46.128826Z"},{"id":2815,"fincertId":"FINCERT-2026-002815","incidentId":15435,"idempotencyKey":"incident-15435","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:46.081460Z","receivedAt":"2026-05-15T20:51:46.094064Z"},{"id":2814,"fincertId":"FINCERT-2026-002814","incidentId":15433,"idempotencyKey":"incident-15433","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:46.046919Z","receivedAt":"2026-05-15T20:51:46.060208Z"},{"id":2813,"fincertId":"FINCERT-2026-002813","incidentId":15432,"idempotencyKey":"incident-15432","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:46.027095Z","receivedAt":"2026-05-15T20:51:46.039699Z"},{"id":2812,"fincertId":"FINCERT-2026-002812","incidentId":15427,"idempotencyKey":"incident-15427","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:45.943918Z","receivedAt":"2026-05-15T20:51:45.955603Z"},{"id":2811,"fincertId":"FINCERT-2026-002811","incidentId":15426,"idempotencyKey":"incident-15426","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:45.917378Z","receivedAt":"2026-05-15T20:51:45.929936Z"},{"id":2810,"fincertId":"FINCERT-2026-002810","incidentId":15424,"idempotencyKey":"incident-15424","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:45.879764Z","receivedAt":"2026-05-15T20:51:45.893444Z"},{"id":2809,"fincertId":"FINCERT-2026-002809","incidentId":15408,"idempotencyKey":"incident-15408","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:45.561792Z","receivedAt":"2026-05-15T20:51:45.574337Z"},{"id":2808,"fincertId":"FINCERT-2026-002808","incidentId":15401,"idempotencyKey":"incident-15401","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:45.427337Z","receivedAt":"2026-05-15T20:51:45.438626Z"},{"id":2807,"fincertId":"FINCERT-2026-002807","incidentId":15397,"idempotencyKey":"incident-15397","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:45.323762Z","receivedAt":"2026-05-15T20:51:45.364448Z"},{"id":2806,"fincertId":"FINCERT-2026-002806","incidentId":15395,"idempotencyKey":"incident-15395","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:45.225645Z","receivedAt":"2026-05-15T20:51:45.244869Z"},{"id":2805,"fincertId":"FINCERT-2026-002805","incidentId":15385,"idempotencyKey":"incident-15385","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:45.002210Z","receivedAt":"2026-05-15T20:51:45.016619Z"},{"id":2804,"fincertId":"FINCERT-2026-002804","incidentId":15382,"idempotencyKey":"incident-15382","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:44.946511Z","receivedAt":"2026-05-15T20:51:44.957496Z"},{"id":2803,"fincertId":"FINCERT-2026-002803","incidentId":15377,"idempotencyKey":"incident-15377","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:44.864249Z","receivedAt":"2026-05-15T20:51:44.878815Z"},{"id":2802,"fincertId":"FINCERT-2026-002802","incidentId":15367,"idempotencyKey":"incident-15367","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:44.617427Z","receivedAt":"2026-05-15T20:51:44.655016Z"},{"id":2801,"fincertId":"FINCERT-2026-002801","incidentId":15365,"idempotencyKey":"incident-15365","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:44.569951Z","receivedAt":"2026-05-15T20:51:44.586047Z"},{"id":2800,"fincertId":"FINCERT-2026-002800","incidentId":15358,"idempotencyKey":"incident-15358","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:44.412073Z","receivedAt":"2026-05-15T20:51:44.427683Z"},{"id":2799,"fincertId":"FINCERT-2026-002799","incidentId":15352,"idempotencyKey":"incident-15352","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:44.291419Z","receivedAt":"2026-05-15T20:51:44.304901Z"},{"id":2798,"fincertId":"FINCERT-2026-002798","incidentId":15343,"idempotencyKey":"incident-15343","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:44.160991Z","receivedAt":"2026-05-15T20:51:44.171122Z"},{"id":2797,"fincertId":"FINCERT-2026-002797","incidentId":15342,"idempotencyKey":"incident-15342","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:44.131834Z","receivedAt":"2026-05-15T20:51:44.147403Z"},{"id":2796,"fincertId":"FINCERT-2026-002796","incidentId":15333,"idempotencyKey":"incident-15333","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:43.965921Z","receivedAt":"2026-05-15T20:51:43.993370Z"},{"id":2795,"fincertId":"FINCERT-2026-002795","incidentId":15331,"idempotencyKey":"incident-15331","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:43.913867Z","receivedAt":"2026-05-15T20:51:43.932274Z"},{"id":2794,"fincertId":"FINCERT-2026-002794","incidentId":15321,"idempotencyKey":"incident-15321","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:43.727132Z","receivedAt":"2026-05-15T20:51:43.739238Z"},{"id":2793,"fincertId":"FINCERT-2026-002793","incidentId":15317,"idempotencyKey":"incident-15317","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:43.666227Z","receivedAt":"2026-05-15T20:51:43.678247Z"},{"id":2792,"fincertId":"FINCERT-2026-002792","incidentId":15316,"idempotencyKey":"incident-15316","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:43.616996Z","receivedAt":"2026-05-15T20:51:43.646242Z"},{"id":2791,"fincertId":"FINCERT-2026-002791","incidentId":15315,"idempotencyKey":"incident-15315","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:43.588967Z","receivedAt":"2026-05-15T20:51:43.607100Z"},{"id":2790,"fincertId":"FINCERT-2026-002790","incidentId":15313,"idempotencyKey":"incident-15313","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:43.552158Z","receivedAt":"2026-05-15T20:51:43.564507Z"},{"id":2789,"fincertId":"FINCERT-2026-002789","incidentId":15310,"idempotencyKey":"incident-15310","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:43.491039Z","receivedAt":"2026-05-15T20:51:43.510896Z"},{"id":2788,"fincertId":"FINCERT-2026-002788","incidentId":15307,"idempotencyKey":"incident-15307","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:43.394825Z","receivedAt":"2026-05-15T20:51:43.432907Z"},{"id":2787,"fincertId":"FINCERT-2026-002787","incidentId":15298,"idempotencyKey":"incident-15298","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:43.192123Z","receivedAt":"2026-05-15T20:51:43.203665Z"},{"id":2786,"fincertId":"FINCERT-2026-002786","incidentId":15295,"idempotencyKey":"incident-15295","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:43.145771Z","receivedAt":"2026-05-15T20:51:43.158567Z"},{"id":2785,"fincertId":"FINCERT-2026-002785","incidentId":15292,"idempotencyKey":"incident-15292","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:43.065876Z","receivedAt":"2026-05-15T20:51:43.080065Z"},{"id":2784,"fincertId":"FINCERT-2026-002784","incidentId":15289,"idempotencyKey":"incident-15289","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:42.993036Z","receivedAt":"2026-05-15T20:51:43.017809Z"},{"id":2783,"fincertId":"FINCERT-2026-002783","incidentId":15288,"idempotencyKey":"incident-15288","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:42.955741Z","receivedAt":"2026-05-15T20:51:42.972356Z"},{"id":2782,"fincertId":"FINCERT-2026-002782","incidentId":15287,"idempotencyKey":"incident-15287","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:42.936576Z","receivedAt":"2026-05-15T20:51:42.949057Z"},{"id":2781,"fincertId":"FINCERT-2026-002781","incidentId":15286,"idempotencyKey":"incident-15286","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:42.917479Z","receivedAt":"2026-05-15T20:51:42.930072Z"},{"id":2780,"fincertId":"FINCERT-2026-002780","incidentId":15280,"idempotencyKey":"incident-15280","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:42.821678Z","receivedAt":"2026-05-15T20:51:42.839867Z"},{"id":2779,"fincertId":"FINCERT-2026-002779","incidentId":15272,"idempotencyKey":"incident-15272","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:42.699849Z","receivedAt":"2026-05-15T20:51:42.712555Z"},{"id":2778,"fincertId":"FINCERT-2026-002778","incidentId":15271,"idempotencyKey":"incident-15271","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:42.681280Z","receivedAt":"2026-05-15T20:51:42.693337Z"},{"id":2777,"fincertId":"FINCERT-2026-002777","incidentId":15270,"idempotencyKey":"incident-15270","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:42.657618Z","receivedAt":"2026-05-15T20:51:42.674148Z"},{"id":2776,"fincertId":"FINCERT-2026-002776","incidentId":15269,"idempotencyKey":"incident-15269","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:42.624817Z","receivedAt":"2026-05-15T20:51:42.647558Z"},{"id":2775,"fincertId":"FINCERT-2026-002775","incidentId":15266,"idempotencyKey":"incident-15266","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:42.573650Z","receivedAt":"2026-05-15T20:51:42.585011Z"},{"id":2774,"fincertId":"FINCERT-2026-002774","incidentId":15260,"idempotencyKey":"incident-15260","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:42.445850Z","receivedAt":"2026-05-15T20:51:42.458737Z"},{"id":2773,"fincertId":"FINCERT-2026-002773","incidentId":15259,"idempotencyKey":"incident-15259","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:42.419914Z","receivedAt":"2026-05-15T20:51:42.432761Z"},{"id":2772,"fincertId":"FINCERT-2026-002772","incidentId":15258,"idempotencyKey":"incident-15258","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:42.401344Z","receivedAt":"2026-05-15T20:51:42.413288Z"},{"id":2771,"fincertId":"FINCERT-2026-002771","incidentId":15257,"idempotencyKey":"incident-15257","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:42.363623Z","receivedAt":"2026-05-15T20:51:42.385129Z"},{"id":2770,"fincertId":"FINCERT-2026-002770","incidentId":15248,"idempotencyKey":"incident-15248","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:42.195987Z","receivedAt":"2026-05-15T20:51:42.206559Z"},{"id":2769,"fincertId":"FINCERT-2026-002769","incidentId":15247,"idempotencyKey":"incident-15247","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:42.179951Z","receivedAt":"2026-05-15T20:51:42.190551Z"},{"id":2768,"fincertId":"FINCERT-2026-002768","incidentId":15244,"idempotencyKey":"incident-15244","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:42.123648Z","receivedAt":"2026-05-15T20:51:42.139709Z"},{"id":2767,"fincertId":"FINCERT-2026-002767","incidentId":15237,"idempotencyKey":"incident-15237","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:41.996896Z","receivedAt":"2026-05-15T20:51:42.021063Z"},{"id":2766,"fincertId":"FINCERT-2026-002766","incidentId":15234,"idempotencyKey":"incident-15234","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:41.936557Z","receivedAt":"2026-05-15T20:51:41.949164Z"},{"id":2765,"fincertId":"FINCERT-2026-002765","incidentId":15231,"idempotencyKey":"incident-15231","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:41.882355Z","receivedAt":"2026-05-15T20:51:41.897637Z"},{"id":2764,"fincertId":"FINCERT-2026-002764","incidentId":15225,"idempotencyKey":"incident-15225","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:41.771425Z","receivedAt":"2026-05-15T20:51:41.785063Z"},{"id":2763,"fincertId":"FINCERT-2026-002763","incidentId":15222,"idempotencyKey":"incident-15222","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:41.717957Z","receivedAt":"2026-05-15T20:51:41.731081Z"},{"id":2762,"fincertId":"FINCERT-2026-002762","incidentId":15217,"idempotencyKey":"incident-15217","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:41.596580Z","receivedAt":"2026-05-15T20:51:41.609291Z"},{"id":2761,"fincertId":"FINCERT-2026-002761","incidentId":15216,"idempotencyKey":"incident-15216","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:41.577702Z","receivedAt":"2026-05-15T20:51:41.590012Z"},{"id":2760,"fincertId":"FINCERT-2026-002760","incidentId":15207,"idempotencyKey":"incident-15207","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:41.426383Z","receivedAt":"2026-05-15T20:51:41.438134Z"},{"id":2759,"fincertId":"FINCERT-2026-002759","incidentId":15205,"idempotencyKey":"incident-15205","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:41.395502Z","receivedAt":"2026-05-15T20:51:41.407890Z"},{"id":2758,"fincertId":"FINCERT-2026-002758","incidentId":15201,"idempotencyKey":"incident-15201","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:41.309993Z","receivedAt":"2026-05-15T20:51:41.334417Z"},{"id":2757,"fincertId":"FINCERT-2026-002757","incidentId":15200,"idempotencyKey":"incident-15200","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:41.288684Z","receivedAt":"2026-05-15T20:51:41.300520Z"},{"id":2756,"fincertId":"FINCERT-2026-002756","incidentId":15193,"idempotencyKey":"incident-15193","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:41.183711Z","receivedAt":"2026-05-15T20:51:41.194910Z"},{"id":2755,"fincertId":"FINCERT-2026-002755","incidentId":15190,"idempotencyKey":"incident-15190","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:41.136160Z","receivedAt":"2026-05-15T20:51:41.149224Z"},{"id":2754,"fincertId":"FINCERT-2026-002754","incidentId":15188,"idempotencyKey":"incident-15188","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:41.097145Z","receivedAt":"2026-05-15T20:51:41.109955Z"},{"id":2753,"fincertId":"FINCERT-2026-002753","incidentId":15186,"idempotencyKey":"incident-15186","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:41.066559Z","receivedAt":"2026-05-15T20:51:41.077332Z"},{"id":2752,"fincertId":"FINCERT-2026-002752","incidentId":15185,"idempotencyKey":"incident-15185","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:41.047756Z","receivedAt":"2026-05-15T20:51:41.060193Z"},{"id":2751,"fincertId":"FINCERT-2026-002751","incidentId":15183,"idempotencyKey":"incident-15183","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:40.999702Z","receivedAt":"2026-05-15T20:51:41.023034Z"},{"id":2750,"fincertId":"FINCERT-2026-002750","incidentId":15180,"idempotencyKey":"incident-15180","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:40.944008Z","receivedAt":"2026-05-15T20:51:40.956687Z"},{"id":2749,"fincertId":"FINCERT-2026-002749","incidentId":15175,"idempotencyKey":"incident-15175","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:40.867117Z","receivedAt":"2026-05-15T20:51:40.878626Z"},{"id":2748,"fincertId":"FINCERT-2026-002748","incidentId":15171,"idempotencyKey":"incident-15171","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:40.779481Z","receivedAt":"2026-05-15T20:51:40.792361Z"},{"id":2747,"fincertId":"FINCERT-2026-002747","incidentId":15170,"idempotencyKey":"incident-15170","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:40.752238Z","receivedAt":"2026-05-15T20:51:40.765844Z"},{"id":2746,"fincertId":"FINCERT-2026-002746","incidentId":15167,"idempotencyKey":"incident-15167","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:40.699134Z","receivedAt":"2026-05-15T20:51:40.711844Z"},{"id":2745,"fincertId":"FINCERT-2026-002745","incidentId":15159,"idempotencyKey":"incident-15159","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:40.574059Z","receivedAt":"2026-05-15T20:51:40.584765Z"},{"id":2744,"fincertId":"FINCERT-2026-002744","incidentId":15152,"idempotencyKey":"incident-15152","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:40.451350Z","receivedAt":"2026-05-15T20:51:40.474617Z"},{"id":2743,"fincertId":"FINCERT-2026-002743","incidentId":15150,"idempotencyKey":"incident-15150","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:40.416562Z","receivedAt":"2026-05-15T20:51:40.428982Z"},{"id":2742,"fincertId":"FINCERT-2026-002742","incidentId":15149,"idempotencyKey":"incident-15149","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:40.397113Z","receivedAt":"2026-05-15T20:51:40.409839Z"},{"id":2741,"fincertId":"FINCERT-2026-002741","incidentId":15136,"idempotencyKey":"incident-15136","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:40.179941Z","receivedAt":"2026-05-15T20:51:40.192453Z"},{"id":2740,"fincertId":"FINCERT-2026-002740","incidentId":15131,"idempotencyKey":"incident-15131","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:40.087859Z","receivedAt":"2026-05-15T20:51:40.101234Z"},{"id":2739,"fincertId":"FINCERT-2026-002739","incidentId":15129,"idempotencyKey":"incident-15129","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:40.039088Z","receivedAt":"2026-05-15T20:51:40.058297Z"},{"id":2738,"fincertId":"FINCERT-2026-002738","incidentId":15123,"idempotencyKey":"incident-15123","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:39.823380Z","receivedAt":"2026-05-15T20:51:39.866572Z"},{"id":2737,"fincertId":"FINCERT-2026-002737","incidentId":15117,"idempotencyKey":"incident-15117","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:39.700144Z","receivedAt":"2026-05-15T20:51:39.715877Z"},{"id":2736,"fincertId":"FINCERT-2026-002736","incidentId":15110,"idempotencyKey":"incident-15110","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:39.567006Z","receivedAt":"2026-05-15T20:51:39.580346Z"},{"id":2735,"fincertId":"FINCERT-2026-002735","incidentId":15109,"idempotencyKey":"incident-15109","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:39.524435Z","receivedAt":"2026-05-15T20:51:39.550418Z"},{"id":2734,"fincertId":"FINCERT-2026-002734","incidentId":15108,"idempotencyKey":"incident-15108","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:39.479762Z","receivedAt":"2026-05-15T20:51:39.509686Z"},{"id":2733,"fincertId":"FINCERT-2026-002733","incidentId":15107,"idempotencyKey":"incident-15107","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:39.445461Z","receivedAt":"2026-05-15T20:51:39.462605Z"},{"id":2732,"fincertId":"FINCERT-2026-002732","incidentId":15104,"idempotencyKey":"incident-15104","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:39.390538Z","receivedAt":"2026-05-15T20:51:39.403142Z"},{"id":2731,"fincertId":"FINCERT-2026-002731","incidentId":15103,"idempotencyKey":"incident-15103","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:39.370227Z","receivedAt":"2026-05-15T20:51:39.382637Z"},{"id":2730,"fincertId":"FINCERT-2026-002730","incidentId":15101,"idempotencyKey":"incident-15101","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:39.323108Z","receivedAt":"2026-05-15T20:51:39.347467Z"},{"id":2729,"fincertId":"FINCERT-2026-002729","incidentId":15098,"idempotencyKey":"incident-15098","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:39.252788Z","receivedAt":"2026-05-15T20:51:39.268055Z"},{"id":2728,"fincertId":"FINCERT-2026-002728","incidentId":15097,"idempotencyKey":"incident-15097","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:39.218928Z","receivedAt":"2026-05-15T20:51:39.233951Z"},{"id":2727,"fincertId":"FINCERT-2026-002727","incidentId":15095,"idempotencyKey":"incident-15095","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:39.154012Z","receivedAt":"2026-05-15T20:51:39.170825Z"},{"id":2726,"fincertId":"FINCERT-2026-002726","incidentId":15094,"idempotencyKey":"incident-15094","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:39.113447Z","receivedAt":"2026-05-15T20:51:39.133893Z"},{"id":2725,"fincertId":"FINCERT-2026-002725","incidentId":15086,"idempotencyKey":"incident-15086","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:38.942392Z","receivedAt":"2026-05-15T20:51:38.958771Z"},{"id":2724,"fincertId":"FINCERT-2026-002724","incidentId":15081,"idempotencyKey":"incident-15081","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:38.864107Z","receivedAt":"2026-05-15T20:51:38.876545Z"},{"id":2723,"fincertId":"FINCERT-2026-002723","incidentId":15070,"idempotencyKey":"incident-15070","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:38.670069Z","receivedAt":"2026-05-15T20:51:38.683855Z"},{"id":2722,"fincertId":"FINCERT-2026-002722","incidentId":15069,"idempotencyKey":"incident-15069","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:38.634307Z","receivedAt":"2026-05-15T20:51:38.654976Z"},{"id":2721,"fincertId":"FINCERT-2026-002721","incidentId":15065,"idempotencyKey":"incident-15065","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:38.546107Z","receivedAt":"2026-05-15T20:51:38.563952Z"},{"id":2720,"fincertId":"FINCERT-2026-002720","incidentId":15063,"idempotencyKey":"incident-15063","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:38.482874Z","receivedAt":"2026-05-15T20:51:38.513064Z"},{"id":2719,"fincertId":"FINCERT-2026-002719","incidentId":15060,"idempotencyKey":"incident-15060","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:38.401973Z","receivedAt":"2026-05-15T20:51:38.417456Z"},{"id":2718,"fincertId":"FINCERT-2026-002718","incidentId":15058,"idempotencyKey":"incident-15058","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:38.329606Z","receivedAt":"2026-05-15T20:51:38.359566Z"},{"id":2717,"fincertId":"FINCERT-2026-002717","incidentId":15057,"idempotencyKey":"incident-15057","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:38.288438Z","receivedAt":"2026-05-15T20:51:38.304212Z"},{"id":2716,"fincertId":"FINCERT-2026-002716","incidentId":15051,"idempotencyKey":"incident-15051","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:38.186973Z","receivedAt":"2026-05-15T20:51:38.198831Z"},{"id":2715,"fincertId":"FINCERT-2026-002715","incidentId":15050,"idempotencyKey":"incident-15050","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:38.158783Z","receivedAt":"2026-05-15T20:51:38.180030Z"},{"id":2714,"fincertId":"FINCERT-2026-002714","incidentId":15048,"idempotencyKey":"incident-15048","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:38.097866Z","receivedAt":"2026-05-15T20:51:38.124898Z"},{"id":2713,"fincertId":"FINCERT-2026-002713","incidentId":15047,"idempotencyKey":"incident-15047","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:38.070793Z","receivedAt":"2026-05-15T20:51:38.090357Z"},{"id":2712,"fincertId":"FINCERT-2026-002712","incidentId":15045,"idempotencyKey":"incident-15045","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:37.973530Z","receivedAt":"2026-05-15T20:51:37.999830Z"},{"id":2711,"fincertId":"FINCERT-2026-002711","incidentId":15041,"idempotencyKey":"incident-15041","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:37.894978Z","receivedAt":"2026-05-15T20:51:37.910932Z"},{"id":2710,"fincertId":"FINCERT-2026-002710","incidentId":15039,"idempotencyKey":"incident-15039","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:37.853196Z","receivedAt":"2026-05-15T20:51:37.868974Z"},{"id":2709,"fincertId":"FINCERT-2026-002709","incidentId":15035,"idempotencyKey":"incident-15035","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:37.730717Z","receivedAt":"2026-05-15T20:51:37.761992Z"},{"id":2708,"fincertId":"FINCERT-2026-002708","incidentId":15033,"idempotencyKey":"incident-15033","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:37.639823Z","receivedAt":"2026-05-15T20:51:37.665373Z"},{"id":2707,"fincertId":"FINCERT-2026-002707","incidentId":15029,"idempotencyKey":"incident-15029","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:37.542813Z","receivedAt":"2026-05-15T20:51:37.557727Z"},{"id":2706,"fincertId":"FINCERT-2026-002706","incidentId":15028,"idempotencyKey":"incident-15028","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:37.512231Z","receivedAt":"2026-05-15T20:51:37.533773Z"},{"id":2705,"fincertId":"FINCERT-2026-002705","incidentId":15024,"idempotencyKey":"incident-15024","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:37.406531Z","receivedAt":"2026-05-15T20:51:37.422864Z"},{"id":2704,"fincertId":"FINCERT-2026-002704","incidentId":15021,"idempotencyKey":"incident-15021","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:37.353691Z","receivedAt":"2026-05-15T20:51:37.367585Z"},{"id":2703,"fincertId":"FINCERT-2026-002703","incidentId":15017,"idempotencyKey":"incident-15017","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:37.276041Z","receivedAt":"2026-05-15T20:51:37.291373Z"},{"id":2702,"fincertId":"FINCERT-2026-002702","incidentId":15016,"idempotencyKey":"incident-15016","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:37.242315Z","receivedAt":"2026-05-15T20:51:37.255292Z"},{"id":2701,"fincertId":"FINCERT-2026-002701","incidentId":15015,"idempotencyKey":"incident-15015","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:37.208014Z","receivedAt":"2026-05-15T20:51:37.227013Z"},{"id":2700,"fincertId":"FINCERT-2026-002700","incidentId":15013,"idempotencyKey":"incident-15013","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:37.119590Z","receivedAt":"2026-05-15T20:51:37.143953Z"},{"id":2699,"fincertId":"FINCERT-2026-002699","incidentId":15002,"idempotencyKey":"incident-15002","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:36.915470Z","receivedAt":"2026-05-15T20:51:36.926493Z"},{"id":2698,"fincertId":"FINCERT-2026-002698","incidentId":15001,"idempotencyKey":"incident-15001","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:36.895925Z","receivedAt":"2026-05-15T20:51:36.909295Z"},{"id":2697,"fincertId":"FINCERT-2026-002697","incidentId":14990,"idempotencyKey":"incident-14990","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:36.685774Z","receivedAt":"2026-05-15T20:51:36.706734Z"},{"id":2696,"fincertId":"FINCERT-2026-002696","incidentId":14988,"idempotencyKey":"incident-14988","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:36.632338Z","receivedAt":"2026-05-15T20:51:36.655026Z"},{"id":2695,"fincertId":"FINCERT-2026-002695","incidentId":14987,"idempotencyKey":"incident-14987","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:36.576321Z","receivedAt":"2026-05-15T20:51:36.612346Z"},{"id":2694,"fincertId":"FINCERT-2026-002694","incidentId":14957,"idempotencyKey":"incident-14957","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:36.084220Z","receivedAt":"2026-05-15T20:51:36.100698Z"},{"id":2693,"fincertId":"FINCERT-2026-002693","incidentId":14949,"idempotencyKey":"incident-14949","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:35.934885Z","receivedAt":"2026-05-15T20:51:35.949372Z"},{"id":2692,"fincertId":"FINCERT-2026-002692","incidentId":14948,"idempotencyKey":"incident-14948","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:35.916139Z","receivedAt":"2026-05-15T20:51:35.928633Z"},{"id":2691,"fincertId":"FINCERT-2026-002691","incidentId":14945,"idempotencyKey":"incident-14945","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:35.831088Z","receivedAt":"2026-05-15T20:51:35.871074Z"},{"id":2690,"fincertId":"FINCERT-2026-002690","incidentId":14941,"idempotencyKey":"incident-14941","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:35.745209Z","receivedAt":"2026-05-15T20:51:35.756766Z"},{"id":2689,"fincertId":"FINCERT-2026-002689","incidentId":14929,"idempotencyKey":"incident-14929","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:35.554845Z","receivedAt":"2026-05-15T20:51:35.566851Z"},{"id":2688,"fincertId":"FINCERT-2026-002688","incidentId":14915,"idempotencyKey":"incident-14915","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:35.265460Z","receivedAt":"2026-05-15T20:51:35.286280Z"},{"id":2687,"fincertId":"FINCERT-2026-002687","incidentId":14911,"idempotencyKey":"incident-14911","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:35.192087Z","receivedAt":"2026-05-15T20:51:35.204507Z"},{"id":2686,"fincertId":"FINCERT-2026-002686","incidentId":14907,"idempotencyKey":"incident-14907","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:35.087849Z","receivedAt":"2026-05-15T20:51:35.113403Z"},{"id":2685,"fincertId":"FINCERT-2026-002685","incidentId":14904,"idempotencyKey":"incident-14904","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:34.997937Z","receivedAt":"2026-05-15T20:51:35.022510Z"},{"id":2684,"fincertId":"FINCERT-2026-002684","incidentId":14903,"idempotencyKey":"incident-14903","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:34.958750Z","receivedAt":"2026-05-15T20:51:34.984911Z"},{"id":2683,"fincertId":"FINCERT-2026-002683","incidentId":14901,"idempotencyKey":"incident-14901","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:34.902758Z","receivedAt":"2026-05-15T20:51:34.917692Z"},{"id":2682,"fincertId":"FINCERT-2026-002682","incidentId":14898,"idempotencyKey":"incident-14898","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:34.834378Z","receivedAt":"2026-05-15T20:51:34.862518Z"},{"id":2681,"fincertId":"FINCERT-2026-002681","incidentId":14894,"idempotencyKey":"incident-14894","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:34.733488Z","receivedAt":"2026-05-15T20:51:34.748433Z"},{"id":2680,"fincertId":"FINCERT-2026-002680","incidentId":14890,"idempotencyKey":"incident-14890","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:34.652619Z","receivedAt":"2026-05-15T20:51:34.671606Z"},{"id":2679,"fincertId":"FINCERT-2026-002679","incidentId":14889,"idempotencyKey":"incident-14889","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:34.609641Z","receivedAt":"2026-05-15T20:51:34.640577Z"},{"id":2678,"fincertId":"FINCERT-2026-002678","incidentId":14880,"idempotencyKey":"incident-14880","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:34.435620Z","receivedAt":"2026-05-15T20:51:34.450582Z"},{"id":2677,"fincertId":"FINCERT-2026-002677","incidentId":14878,"idempotencyKey":"incident-14878","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:34.382563Z","receivedAt":"2026-05-15T20:51:34.404602Z"},{"id":2676,"fincertId":"FINCERT-2026-002676","incidentId":14871,"idempotencyKey":"incident-14871","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:34.248716Z","receivedAt":"2026-05-15T20:51:34.261598Z"},{"id":2675,"fincertId":"FINCERT-2026-002675","incidentId":14866,"idempotencyKey":"incident-14866","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:34.029568Z","receivedAt":"2026-05-15T20:51:34.051567Z"},{"id":2674,"fincertId":"FINCERT-2026-002674","incidentId":14855,"idempotencyKey":"incident-14855","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:33.746894Z","receivedAt":"2026-05-15T20:51:33.763913Z"},{"id":2673,"fincertId":"FINCERT-2026-002673","incidentId":14852,"idempotencyKey":"incident-14852","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:33.696926Z","receivedAt":"2026-05-15T20:51:33.710461Z"},{"id":2672,"fincertId":"FINCERT-2026-002672","incidentId":14849,"idempotencyKey":"incident-14849","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:33.642432Z","receivedAt":"2026-05-15T20:51:33.661015Z"},{"id":2671,"fincertId":"FINCERT-2026-002671","incidentId":14848,"idempotencyKey":"incident-14848","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:33.599622Z","receivedAt":"2026-05-15T20:51:33.615643Z"},{"id":2670,"fincertId":"FINCERT-2026-002670","incidentId":14845,"idempotencyKey":"incident-14845","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:33.547404Z","receivedAt":"2026-05-15T20:51:33.561807Z"},{"id":2669,"fincertId":"FINCERT-2026-002669","incidentId":14843,"idempotencyKey":"incident-14843","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:33.478331Z","receivedAt":"2026-05-15T20:51:33.518424Z"},{"id":2668,"fincertId":"FINCERT-2026-002668","incidentId":14842,"idempotencyKey":"incident-14842","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:33.443032Z","receivedAt":"2026-05-15T20:51:33.467317Z"},{"id":2667,"fincertId":"FINCERT-2026-002667","incidentId":14840,"idempotencyKey":"incident-14840","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:33.373726Z","receivedAt":"2026-05-15T20:51:33.406245Z"},{"id":2666,"fincertId":"FINCERT-2026-002666","incidentId":14839,"idempotencyKey":"incident-14839","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:33.301587Z","receivedAt":"2026-05-15T20:51:33.323416Z"},{"id":2665,"fincertId":"FINCERT-2026-002665","incidentId":14833,"idempotencyKey":"incident-14833","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:33.203741Z","receivedAt":"2026-05-15T20:51:33.215226Z"},{"id":2664,"fincertId":"FINCERT-2026-002664","incidentId":14831,"idempotencyKey":"incident-14831","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:33.171827Z","receivedAt":"2026-05-15T20:51:33.183503Z"},{"id":2663,"fincertId":"FINCERT-2026-002663","incidentId":14821,"idempotencyKey":"incident-14821","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:32.960381Z","receivedAt":"2026-05-15T20:51:32.986155Z"},{"id":2662,"fincertId":"FINCERT-2026-002662","incidentId":14816,"idempotencyKey":"incident-14816","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:32.869273Z","receivedAt":"2026-05-15T20:51:32.890829Z"},{"id":2661,"fincertId":"FINCERT-2026-002661","incidentId":14813,"idempotencyKey":"incident-14813","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:32.741943Z","receivedAt":"2026-05-15T20:51:32.756423Z"},{"id":2660,"fincertId":"FINCERT-2026-002660","incidentId":14811,"idempotencyKey":"incident-14811","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:32.697405Z","receivedAt":"2026-05-15T20:51:32.710420Z"},{"id":2659,"fincertId":"FINCERT-2026-002659","incidentId":14810,"idempotencyKey":"incident-14810","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:32.658802Z","receivedAt":"2026-05-15T20:51:32.680090Z"},{"id":2658,"fincertId":"FINCERT-2026-002658","incidentId":14807,"idempotencyKey":"incident-14807","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:32.585034Z","receivedAt":"2026-05-15T20:51:32.598456Z"},{"id":2657,"fincertId":"FINCERT-2026-002657","incidentId":14805,"idempotencyKey":"incident-14805","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:32.543746Z","receivedAt":"2026-05-15T20:51:32.560559Z"},{"id":2656,"fincertId":"FINCERT-2026-002656","incidentId":14804,"idempotencyKey":"incident-14804","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:32.519783Z","receivedAt":"2026-05-15T20:51:32.537487Z"},{"id":2655,"fincertId":"FINCERT-2026-002655","incidentId":14801,"idempotencyKey":"incident-14801","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:32.433120Z","receivedAt":"2026-05-15T20:51:32.449116Z"},{"id":2654,"fincertId":"FINCERT-2026-002654","incidentId":14798,"idempotencyKey":"incident-14798","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:32.385674Z","receivedAt":"2026-05-15T20:51:32.397526Z"},{"id":2653,"fincertId":"FINCERT-2026-002653","incidentId":14796,"idempotencyKey":"incident-14796","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:32.340990Z","receivedAt":"2026-05-15T20:51:32.362017Z"},{"id":2652,"fincertId":"FINCERT-2026-002652","incidentId":14788,"idempotencyKey":"incident-14788","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:32.195928Z","receivedAt":"2026-05-15T20:51:32.210355Z"},{"id":2651,"fincertId":"FINCERT-2026-002651","incidentId":14787,"idempotencyKey":"incident-14787","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:32.176281Z","receivedAt":"2026-05-15T20:51:32.189079Z"},{"id":2650,"fincertId":"FINCERT-2026-002650","incidentId":14786,"idempotencyKey":"incident-14786","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:32.156893Z","receivedAt":"2026-05-15T20:51:32.170126Z"},{"id":2649,"fincertId":"FINCERT-2026-002649","incidentId":14785,"idempotencyKey":"incident-14785","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:32.135645Z","receivedAt":"2026-05-15T20:51:32.150123Z"},{"id":2648,"fincertId":"FINCERT-2026-002648","incidentId":14783,"idempotencyKey":"incident-14783","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:32.089635Z","receivedAt":"2026-05-15T20:51:32.103494Z"},{"id":2647,"fincertId":"FINCERT-2026-002647","incidentId":14778,"idempotencyKey":"incident-14778","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:32.002027Z","receivedAt":"2026-05-15T20:51:32.023930Z"},{"id":2646,"fincertId":"FINCERT-2026-002646","incidentId":14776,"idempotencyKey":"incident-14776","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:31.932917Z","receivedAt":"2026-05-15T20:51:31.957875Z"},{"id":2645,"fincertId":"FINCERT-2026-002645","incidentId":14762,"idempotencyKey":"incident-14762","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:31.662014Z","receivedAt":"2026-05-15T20:51:31.688947Z"},{"id":2644,"fincertId":"FINCERT-2026-002644","incidentId":14760,"idempotencyKey":"incident-14760","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:31.600347Z","receivedAt":"2026-05-15T20:51:31.615438Z"},{"id":2643,"fincertId":"FINCERT-2026-002643","incidentId":14759,"idempotencyKey":"incident-14759","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:31.571318Z","receivedAt":"2026-05-15T20:51:31.584157Z"},{"id":2642,"fincertId":"FINCERT-2026-002642","incidentId":14751,"idempotencyKey":"incident-14751","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:31.412899Z","receivedAt":"2026-05-15T20:51:31.424844Z"},{"id":2641,"fincertId":"FINCERT-2026-002641","incidentId":14747,"idempotencyKey":"incident-14747","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:31.324407Z","receivedAt":"2026-05-15T20:51:31.348153Z"},{"id":2640,"fincertId":"FINCERT-2026-002640","incidentId":14746,"idempotencyKey":"incident-14746","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:31.296401Z","receivedAt":"2026-05-15T20:51:31.311727Z"},{"id":2639,"fincertId":"FINCERT-2026-002639","incidentId":14745,"idempotencyKey":"incident-14745","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:31.276874Z","receivedAt":"2026-05-15T20:51:31.289421Z"},{"id":2638,"fincertId":"FINCERT-2026-002638","incidentId":14739,"idempotencyKey":"incident-14739","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:31.088983Z","receivedAt":"2026-05-15T20:51:31.108120Z"},{"id":2637,"fincertId":"FINCERT-2026-002637","incidentId":14732,"idempotencyKey":"incident-14732","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:30.957348Z","receivedAt":"2026-05-15T20:51:30.981863Z"},{"id":2636,"fincertId":"FINCERT-2026-002636","incidentId":14725,"idempotencyKey":"incident-14725","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:30.854986Z","receivedAt":"2026-05-15T20:51:30.868454Z"},{"id":2635,"fincertId":"FINCERT-2026-002635","incidentId":14721,"idempotencyKey":"incident-14721","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:30.779430Z","receivedAt":"2026-05-15T20:51:30.793121Z"},{"id":2634,"fincertId":"FINCERT-2026-002634","incidentId":14708,"idempotencyKey":"incident-14708","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:30.555516Z","receivedAt":"2026-05-15T20:51:30.566602Z"},{"id":2633,"fincertId":"FINCERT-2026-002633","incidentId":14706,"idempotencyKey":"incident-14706","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:30.519351Z","receivedAt":"2026-05-15T20:51:30.532707Z"},{"id":2632,"fincertId":"FINCERT-2026-002632","incidentId":14700,"idempotencyKey":"incident-14700","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:30.394291Z","receivedAt":"2026-05-15T20:51:30.408361Z"},{"id":2631,"fincertId":"FINCERT-2026-002631","incidentId":14693,"idempotencyKey":"incident-14693","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:30.268745Z","receivedAt":"2026-05-15T20:51:30.281809Z"},{"id":2630,"fincertId":"FINCERT-2026-002630","incidentId":14692,"idempotencyKey":"incident-14692","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:30.245928Z","receivedAt":"2026-05-15T20:51:30.260565Z"},{"id":2629,"fincertId":"FINCERT-2026-002629","incidentId":14691,"idempotencyKey":"incident-14691","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:30.201372Z","receivedAt":"2026-05-15T20:51:30.221039Z"},{"id":2628,"fincertId":"FINCERT-2026-002628","incidentId":14690,"idempotencyKey":"incident-14690","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:30.153978Z","receivedAt":"2026-05-15T20:51:30.179012Z"},{"id":2627,"fincertId":"FINCERT-2026-002627","incidentId":14687,"idempotencyKey":"incident-14687","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:30.079348Z","receivedAt":"2026-05-15T20:51:30.090948Z"},{"id":2626,"fincertId":"FINCERT-2026-002626","incidentId":14676,"idempotencyKey":"incident-14676","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:29.915693Z","receivedAt":"2026-05-15T20:51:29.928349Z"},{"id":2625,"fincertId":"FINCERT-2026-002625","incidentId":14670,"idempotencyKey":"incident-14670","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:29.776623Z","receivedAt":"2026-05-15T20:51:29.792361Z"},{"id":2624,"fincertId":"FINCERT-2026-002624","incidentId":14662,"idempotencyKey":"incident-14662","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:29.532276Z","receivedAt":"2026-05-15T20:51:29.545277Z"},{"id":2623,"fincertId":"FINCERT-2026-002623","incidentId":14657,"idempotencyKey":"incident-14657","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:29.373850Z","receivedAt":"2026-05-15T20:51:29.420097Z"},{"id":2622,"fincertId":"FINCERT-2026-002622","incidentId":14654,"idempotencyKey":"incident-14654","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:29.233924Z","receivedAt":"2026-05-15T20:51:29.249407Z"},{"id":2621,"fincertId":"FINCERT-2026-002621","incidentId":14649,"idempotencyKey":"incident-14649","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:29.020729Z","receivedAt":"2026-05-15T20:51:29.052056Z"},{"id":2620,"fincertId":"FINCERT-2026-002620","incidentId":14647,"idempotencyKey":"incident-14647","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:28.941030Z","receivedAt":"2026-05-15T20:51:28.961136Z"},{"id":2619,"fincertId":"FINCERT-2026-002619","incidentId":14645,"idempotencyKey":"incident-14645","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:28.877691Z","receivedAt":"2026-05-15T20:51:28.903393Z"},{"id":2618,"fincertId":"FINCERT-2026-002618","incidentId":14635,"idempotencyKey":"incident-14635","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:28.532534Z","receivedAt":"2026-05-15T20:51:28.553748Z"},{"id":2617,"fincertId":"FINCERT-2026-002617","incidentId":14628,"idempotencyKey":"incident-14628","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:28.354927Z","receivedAt":"2026-05-15T20:51:28.372855Z"},{"id":2616,"fincertId":"FINCERT-2026-002616","incidentId":14626,"idempotencyKey":"incident-14626","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:28.289496Z","receivedAt":"2026-05-15T20:51:28.308585Z"},{"id":2615,"fincertId":"FINCERT-2026-002615","incidentId":14624,"idempotencyKey":"incident-14624","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:28.168324Z","receivedAt":"2026-05-15T20:51:28.215471Z"},{"id":2614,"fincertId":"FINCERT-2026-002614","incidentId":14618,"idempotencyKey":"incident-14618","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:27.930111Z","receivedAt":"2026-05-15T20:51:27.945586Z"},{"id":2613,"fincertId":"FINCERT-2026-002613","incidentId":14615,"idempotencyKey":"incident-14615","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:27.862882Z","receivedAt":"2026-05-15T20:51:27.879356Z"},{"id":2612,"fincertId":"FINCERT-2026-002612","incidentId":14612,"idempotencyKey":"incident-14612","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:27.790017Z","receivedAt":"2026-05-15T20:51:27.807926Z"},{"id":2611,"fincertId":"FINCERT-2026-002611","incidentId":14611,"idempotencyKey":"incident-14611","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:27.764499Z","receivedAt":"2026-05-15T20:51:27.780910Z"},{"id":2610,"fincertId":"FINCERT-2026-002610","incidentId":14608,"idempotencyKey":"incident-14608","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:27.696070Z","receivedAt":"2026-05-15T20:51:27.709127Z"},{"id":2609,"fincertId":"FINCERT-2026-002609","incidentId":14607,"idempotencyKey":"incident-14607","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:27.676872Z","receivedAt":"2026-05-15T20:51:27.688915Z"},{"id":2608,"fincertId":"FINCERT-2026-002608","incidentId":14605,"idempotencyKey":"incident-14605","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:27.626954Z","receivedAt":"2026-05-15T20:51:27.653893Z"},{"id":2607,"fincertId":"FINCERT-2026-002607","incidentId":14601,"idempotencyKey":"incident-14601","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:27.553827Z","receivedAt":"2026-05-15T20:51:27.569473Z"},{"id":2606,"fincertId":"FINCERT-2026-002606","incidentId":14595,"idempotencyKey":"incident-14595","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:27.416666Z","receivedAt":"2026-05-15T20:51:27.429856Z"},{"id":2605,"fincertId":"FINCERT-2026-002605","incidentId":14591,"idempotencyKey":"incident-14591","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:27.339510Z","receivedAt":"2026-05-15T20:51:27.363924Z"},{"id":2604,"fincertId":"FINCERT-2026-002604","incidentId":14586,"idempotencyKey":"incident-14586","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:27.239437Z","receivedAt":"2026-05-15T20:51:27.251784Z"},{"id":2603,"fincertId":"FINCERT-2026-002603","incidentId":14585,"idempotencyKey":"incident-14585","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:27.207771Z","receivedAt":"2026-05-15T20:51:27.224709Z"},{"id":2602,"fincertId":"FINCERT-2026-002602","incidentId":14582,"idempotencyKey":"incident-14582","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:27.136483Z","receivedAt":"2026-05-15T20:51:27.156475Z"},{"id":2601,"fincertId":"FINCERT-2026-002601","incidentId":14581,"idempotencyKey":"incident-14581","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:27.094375Z","receivedAt":"2026-05-15T20:51:27.123085Z"},{"id":2600,"fincertId":"FINCERT-2026-002600","incidentId":14580,"idempotencyKey":"incident-14580","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:27.070379Z","receivedAt":"2026-05-15T20:51:27.085589Z"},{"id":2599,"fincertId":"FINCERT-2026-002599","incidentId":14577,"idempotencyKey":"incident-14577","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:27.016898Z","receivedAt":"2026-05-15T20:51:27.031968Z"},{"id":2598,"fincertId":"FINCERT-2026-002598","incidentId":14574,"idempotencyKey":"incident-14574","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:26.946397Z","receivedAt":"2026-05-15T20:51:26.965469Z"},{"id":2597,"fincertId":"FINCERT-2026-002597","incidentId":14565,"idempotencyKey":"incident-14565","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:26.784436Z","receivedAt":"2026-05-15T20:51:26.796437Z"},{"id":2596,"fincertId":"FINCERT-2026-002596","incidentId":14564,"idempotencyKey":"incident-14564","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:26.764950Z","receivedAt":"2026-05-15T20:51:26.778098Z"},{"id":2595,"fincertId":"FINCERT-2026-002595","incidentId":14555,"idempotencyKey":"incident-14555","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:26.594143Z","receivedAt":"2026-05-15T20:51:26.633447Z"},{"id":2594,"fincertId":"FINCERT-2026-002594","incidentId":14553,"idempotencyKey":"incident-14553","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:26.553825Z","receivedAt":"2026-05-15T20:51:26.566587Z"},{"id":2593,"fincertId":"FINCERT-2026-002593","incidentId":14550,"idempotencyKey":"incident-14550","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:26.494635Z","receivedAt":"2026-05-15T20:51:26.510058Z"},{"id":2592,"fincertId":"FINCERT-2026-002592","incidentId":14549,"idempotencyKey":"incident-14549","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:26.464607Z","receivedAt":"2026-05-15T20:51:26.487048Z"},{"id":2591,"fincertId":"FINCERT-2026-002591","incidentId":14539,"idempotencyKey":"incident-14539","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:26.290118Z","receivedAt":"2026-05-15T20:51:26.302591Z"},{"id":2590,"fincertId":"FINCERT-2026-002590","incidentId":14536,"idempotencyKey":"incident-14536","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:26.228551Z","receivedAt":"2026-05-15T20:51:26.244619Z"},{"id":2589,"fincertId":"FINCERT-2026-002589","incidentId":14532,"idempotencyKey":"incident-14532","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:26.168726Z","receivedAt":"2026-05-15T20:51:26.180752Z"},{"id":2588,"fincertId":"FINCERT-2026-002588","incidentId":14528,"idempotencyKey":"incident-14528","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:26.086538Z","receivedAt":"2026-05-15T20:51:26.105546Z"},{"id":2587,"fincertId":"FINCERT-2026-002587","incidentId":14516,"idempotencyKey":"incident-14516","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:25.842373Z","receivedAt":"2026-05-15T20:51:25.874914Z"},{"id":2586,"fincertId":"FINCERT-2026-002586","incidentId":14508,"idempotencyKey":"incident-14508","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:25.689794Z","receivedAt":"2026-05-15T20:51:25.703627Z"},{"id":2585,"fincertId":"FINCERT-2026-002585","incidentId":14504,"idempotencyKey":"incident-14504","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:25.602707Z","receivedAt":"2026-05-15T20:51:25.623455Z"},{"id":2584,"fincertId":"FINCERT-2026-002584","incidentId":14501,"idempotencyKey":"incident-14501","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:25.545321Z","receivedAt":"2026-05-15T20:51:25.558225Z"},{"id":2583,"fincertId":"FINCERT-2026-002583","incidentId":14496,"idempotencyKey":"incident-14496","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:25.444775Z","receivedAt":"2026-05-15T20:51:25.459069Z"},{"id":2582,"fincertId":"FINCERT-2026-002582","incidentId":14492,"idempotencyKey":"incident-14492","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:25.351657Z","receivedAt":"2026-05-15T20:51:25.374487Z"},{"id":2581,"fincertId":"FINCERT-2026-002581","incidentId":14491,"idempotencyKey":"incident-14491","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:25.306308Z","receivedAt":"2026-05-15T20:51:25.329681Z"},{"id":2580,"fincertId":"FINCERT-2026-002580","incidentId":14488,"idempotencyKey":"incident-14488","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:25.232949Z","receivedAt":"2026-05-15T20:51:25.257419Z"},{"id":2579,"fincertId":"FINCERT-2026-002579","incidentId":14487,"idempotencyKey":"incident-14487","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:25.198918Z","receivedAt":"2026-05-15T20:51:25.215428Z"},{"id":2578,"fincertId":"FINCERT-2026-002578","incidentId":14483,"idempotencyKey":"incident-14483","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:25.134747Z","receivedAt":"2026-05-15T20:51:25.150677Z"},{"id":2577,"fincertId":"FINCERT-2026-002577","incidentId":14480,"idempotencyKey":"incident-14480","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:25.078568Z","receivedAt":"2026-05-15T20:51:25.090448Z"},{"id":2576,"fincertId":"FINCERT-2026-002576","incidentId":14472,"idempotencyKey":"incident-14472","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:24.951618Z","receivedAt":"2026-05-15T20:51:24.965635Z"},{"id":2575,"fincertId":"FINCERT-2026-002575","incidentId":14469,"idempotencyKey":"incident-14469","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:24.886437Z","receivedAt":"2026-05-15T20:51:24.906507Z"},{"id":2574,"fincertId":"FINCERT-2026-002574","incidentId":14467,"idempotencyKey":"incident-14467","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:24.809137Z","receivedAt":"2026-05-15T20:51:24.832337Z"},{"id":2573,"fincertId":"FINCERT-2026-002573","incidentId":14455,"idempotencyKey":"incident-14455","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:24.570794Z","receivedAt":"2026-05-15T20:51:24.585136Z"},{"id":2572,"fincertId":"FINCERT-2026-002572","incidentId":14452,"idempotencyKey":"incident-14452","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:24.509137Z","receivedAt":"2026-05-15T20:51:24.527984Z"},{"id":2571,"fincertId":"FINCERT-2026-002571","incidentId":14449,"idempotencyKey":"incident-14449","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:24.435792Z","receivedAt":"2026-05-15T20:51:24.451578Z"},{"id":2570,"fincertId":"FINCERT-2026-002570","incidentId":14448,"idempotencyKey":"incident-14448","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:24.403214Z","receivedAt":"2026-05-15T20:51:24.418019Z"},{"id":2569,"fincertId":"FINCERT-2026-002569","incidentId":14443,"idempotencyKey":"incident-14443","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:24.291066Z","receivedAt":"2026-05-15T20:51:24.307121Z"},{"id":2568,"fincertId":"FINCERT-2026-002568","incidentId":14441,"idempotencyKey":"incident-14441","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:24.236632Z","receivedAt":"2026-05-15T20:51:24.249615Z"},{"id":2567,"fincertId":"FINCERT-2026-002567","incidentId":14435,"idempotencyKey":"incident-14435","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:24.117901Z","receivedAt":"2026-05-15T20:51:24.143114Z"},{"id":2566,"fincertId":"FINCERT-2026-002566","incidentId":14434,"idempotencyKey":"incident-14434","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:24.091396Z","receivedAt":"2026-05-15T20:51:24.105498Z"},{"id":2565,"fincertId":"FINCERT-2026-002565","incidentId":14429,"idempotencyKey":"incident-14429","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:23.967083Z","receivedAt":"2026-05-15T20:51:23.991307Z"},{"id":2564,"fincertId":"FINCERT-2026-002564","incidentId":14427,"idempotencyKey":"incident-14427","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:23.928967Z","receivedAt":"2026-05-15T20:51:23.942697Z"},{"id":2563,"fincertId":"FINCERT-2026-002563","incidentId":14425,"idempotencyKey":"incident-14425","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:23.892990Z","receivedAt":"2026-05-15T20:51:23.906301Z"},{"id":2562,"fincertId":"FINCERT-2026-002562","incidentId":14424,"idempotencyKey":"incident-14424","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:23.873560Z","receivedAt":"2026-05-15T20:51:23.886552Z"},{"id":2561,"fincertId":"FINCERT-2026-002561","incidentId":14422,"idempotencyKey":"incident-14422","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:23.815223Z","receivedAt":"2026-05-15T20:51:23.846155Z"},{"id":2560,"fincertId":"FINCERT-2026-002560","incidentId":14419,"idempotencyKey":"incident-14419","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:23.760196Z","receivedAt":"2026-05-15T20:51:23.772718Z"},{"id":2559,"fincertId":"FINCERT-2026-002559","incidentId":14417,"idempotencyKey":"incident-14417","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:23.710104Z","receivedAt":"2026-05-15T20:51:23.735387Z"},{"id":2558,"fincertId":"FINCERT-2026-002558","incidentId":14410,"idempotencyKey":"incident-14410","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:23.559903Z","receivedAt":"2026-05-15T20:51:23.572120Z"},{"id":2557,"fincertId":"FINCERT-2026-002557","incidentId":14408,"idempotencyKey":"incident-14408","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:23.478086Z","receivedAt":"2026-05-15T20:51:23.500575Z"},{"id":2556,"fincertId":"FINCERT-2026-002556","incidentId":14402,"idempotencyKey":"incident-14402","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:23.320652Z","receivedAt":"2026-05-15T20:51:23.341962Z"},{"id":2555,"fincertId":"FINCERT-2026-002555","incidentId":14399,"idempotencyKey":"incident-14399","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:23.209372Z","receivedAt":"2026-05-15T20:51:23.239040Z"},{"id":2554,"fincertId":"FINCERT-2026-002554","incidentId":14395,"idempotencyKey":"incident-14395","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:23.083248Z","receivedAt":"2026-05-15T20:51:23.100403Z"},{"id":2553,"fincertId":"FINCERT-2026-002553","incidentId":14392,"idempotencyKey":"incident-14392","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:22.999402Z","receivedAt":"2026-05-15T20:51:23.041228Z"},{"id":2552,"fincertId":"FINCERT-2026-002552","incidentId":14386,"idempotencyKey":"incident-14386","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:22.887034Z","receivedAt":"2026-05-15T20:51:22.900904Z"},{"id":2551,"fincertId":"FINCERT-2026-002551","incidentId":14382,"idempotencyKey":"incident-14382","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:22.798050Z","receivedAt":"2026-05-15T20:51:22.819636Z"},{"id":2550,"fincertId":"FINCERT-2026-002550","incidentId":14380,"idempotencyKey":"incident-14380","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:22.758246Z","receivedAt":"2026-05-15T20:51:22.773006Z"},{"id":2549,"fincertId":"FINCERT-2026-002549","incidentId":14379,"idempotencyKey":"incident-14379","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:22.726722Z","receivedAt":"2026-05-15T20:51:22.740937Z"},{"id":2548,"fincertId":"FINCERT-2026-002548","incidentId":14373,"idempotencyKey":"incident-14373","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:22.602306Z","receivedAt":"2026-05-15T20:51:22.621379Z"},{"id":2547,"fincertId":"FINCERT-2026-002547","incidentId":14372,"idempotencyKey":"incident-14372","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:22.561954Z","receivedAt":"2026-05-15T20:51:22.574708Z"},{"id":2546,"fincertId":"FINCERT-2026-002546","incidentId":14371,"idempotencyKey":"incident-14371","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:22.536700Z","receivedAt":"2026-05-15T20:51:22.547300Z"},{"id":2545,"fincertId":"FINCERT-2026-002545","incidentId":14361,"idempotencyKey":"incident-14361","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:22.347183Z","receivedAt":"2026-05-15T20:51:22.361969Z"},{"id":2544,"fincertId":"FINCERT-2026-002544","incidentId":14354,"idempotencyKey":"incident-14354","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:22.235099Z","receivedAt":"2026-05-15T20:51:22.248193Z"},{"id":2543,"fincertId":"FINCERT-2026-002543","incidentId":14352,"idempotencyKey":"incident-14352","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:22.198743Z","receivedAt":"2026-05-15T20:51:22.210683Z"},{"id":2542,"fincertId":"FINCERT-2026-002542","incidentId":14346,"idempotencyKey":"incident-14346","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:22.088799Z","receivedAt":"2026-05-15T20:51:22.101016Z"},{"id":2541,"fincertId":"FINCERT-2026-002541","incidentId":14343,"idempotencyKey":"incident-14343","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:22.035206Z","receivedAt":"2026-05-15T20:51:22.046537Z"},{"id":2540,"fincertId":"FINCERT-2026-002540","incidentId":14341,"idempotencyKey":"incident-14341","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:21.978659Z","receivedAt":"2026-05-15T20:51:22.003946Z"},{"id":2539,"fincertId":"FINCERT-2026-002539","incidentId":14340,"idempotencyKey":"incident-14340","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:21.943933Z","receivedAt":"2026-05-15T20:51:21.961214Z"},{"id":2538,"fincertId":"FINCERT-2026-002538","incidentId":14339,"idempotencyKey":"incident-14339","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:21.920361Z","receivedAt":"2026-05-15T20:51:21.936498Z"},{"id":2537,"fincertId":"FINCERT-2026-002537","incidentId":14338,"idempotencyKey":"incident-14338","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:21.901866Z","receivedAt":"2026-05-15T20:51:21.913900Z"},{"id":2536,"fincertId":"FINCERT-2026-002536","incidentId":14335,"idempotencyKey":"incident-14335","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:21.837786Z","receivedAt":"2026-05-15T20:51:21.855894Z"},{"id":2535,"fincertId":"FINCERT-2026-002535","incidentId":14334,"idempotencyKey":"incident-14334","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:21.788339Z","receivedAt":"2026-05-15T20:51:21.805569Z"},{"id":2534,"fincertId":"FINCERT-2026-002534","incidentId":14327,"idempotencyKey":"incident-14327","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:21.634652Z","receivedAt":"2026-05-15T20:51:21.655789Z"},{"id":2533,"fincertId":"FINCERT-2026-002533","incidentId":14326,"idempotencyKey":"incident-14326","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:21.596221Z","receivedAt":"2026-05-15T20:51:21.621995Z"},{"id":2532,"fincertId":"FINCERT-2026-002532","incidentId":14317,"idempotencyKey":"incident-14317","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:21.424921Z","receivedAt":"2026-05-15T20:51:21.440960Z"},{"id":2531,"fincertId":"FINCERT-2026-002531","incidentId":14314,"idempotencyKey":"incident-14314","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:21.369646Z","receivedAt":"2026-05-15T20:51:21.385954Z"},{"id":2530,"fincertId":"FINCERT-2026-002530","incidentId":14313,"idempotencyKey":"incident-14313","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:21.316982Z","receivedAt":"2026-05-15T20:51:21.341057Z"},{"id":2529,"fincertId":"FINCERT-2026-002529","incidentId":14309,"idempotencyKey":"incident-14309","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:21.242135Z","receivedAt":"2026-05-15T20:51:21.257640Z"},{"id":2528,"fincertId":"FINCERT-2026-002528","incidentId":14306,"idempotencyKey":"incident-14306","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:21.188680Z","receivedAt":"2026-05-15T20:51:21.201406Z"},{"id":2527,"fincertId":"FINCERT-2026-002527","incidentId":14302,"idempotencyKey":"incident-14302","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:21.113223Z","receivedAt":"2026-05-15T20:51:21.134252Z"},{"id":2526,"fincertId":"FINCERT-2026-002526","incidentId":14298,"idempotencyKey":"incident-14298","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:21.050752Z","receivedAt":"2026-05-15T20:51:21.063006Z"},{"id":2525,"fincertId":"FINCERT-2026-002525","incidentId":14296,"idempotencyKey":"incident-14296","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:21.012487Z","receivedAt":"2026-05-15T20:51:21.029720Z"},{"id":2524,"fincertId":"FINCERT-2026-002524","incidentId":14294,"idempotencyKey":"incident-14294","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:20.952364Z","receivedAt":"2026-05-15T20:51:20.967579Z"},{"id":2523,"fincertId":"FINCERT-2026-002523","incidentId":14293,"idempotencyKey":"incident-14293","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:20.930985Z","receivedAt":"2026-05-15T20:51:20.944767Z"},{"id":2522,"fincertId":"FINCERT-2026-002522","incidentId":14289,"idempotencyKey":"incident-14289","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:20.824328Z","receivedAt":"2026-05-15T20:51:20.859342Z"},{"id":2521,"fincertId":"FINCERT-2026-002521","incidentId":14286,"idempotencyKey":"incident-14286","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:20.754692Z","receivedAt":"2026-05-15T20:51:20.771582Z"},{"id":2520,"fincertId":"FINCERT-2026-002520","incidentId":14285,"idempotencyKey":"incident-14285","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:20.734205Z","receivedAt":"2026-05-15T20:51:20.746836Z"},{"id":2519,"fincertId":"FINCERT-2026-002519","incidentId":14276,"idempotencyKey":"incident-14276","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:20.564885Z","receivedAt":"2026-05-15T20:51:20.577073Z"},{"id":2518,"fincertId":"FINCERT-2026-002518","incidentId":14274,"idempotencyKey":"incident-14274","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:20.527199Z","receivedAt":"2026-05-15T20:51:20.541119Z"},{"id":2517,"fincertId":"FINCERT-2026-002517","incidentId":14273,"idempotencyKey":"incident-14273","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:20.471700Z","receivedAt":"2026-05-15T20:51:20.503387Z"},{"id":2516,"fincertId":"FINCERT-2026-002516","incidentId":14271,"idempotencyKey":"incident-14271","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:20.430225Z","receivedAt":"2026-05-15T20:51:20.443616Z"},{"id":2515,"fincertId":"FINCERT-2026-002515","incidentId":14267,"idempotencyKey":"incident-14267","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:20.362993Z","receivedAt":"2026-05-15T20:51:20.376396Z"},{"id":2514,"fincertId":"FINCERT-2026-002514","incidentId":14262,"idempotencyKey":"incident-14262","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:20.258999Z","receivedAt":"2026-05-15T20:51:20.273565Z"},{"id":2513,"fincertId":"FINCERT-2026-002513","incidentId":14260,"idempotencyKey":"incident-14260","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:20.203102Z","receivedAt":"2026-05-15T20:51:20.219687Z"},{"id":2512,"fincertId":"FINCERT-2026-002512","incidentId":14258,"idempotencyKey":"incident-14258","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:20.166592Z","receivedAt":"2026-05-15T20:51:20.179724Z"},{"id":2511,"fincertId":"FINCERT-2026-002511","incidentId":14256,"idempotencyKey":"incident-14256","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:20.113247Z","receivedAt":"2026-05-15T20:51:20.130440Z"},{"id":2510,"fincertId":"FINCERT-2026-002510","incidentId":14253,"idempotencyKey":"incident-14253","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:20.057814Z","receivedAt":"2026-05-15T20:51:20.070946Z"},{"id":2509,"fincertId":"FINCERT-2026-002509","incidentId":14251,"idempotencyKey":"incident-14251","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:20.012975Z","receivedAt":"2026-05-15T20:51:20.029450Z"},{"id":2508,"fincertId":"FINCERT-2026-002508","incidentId":14250,"idempotencyKey":"incident-14250","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:19.956202Z","receivedAt":"2026-05-15T20:51:19.978102Z"},{"id":2507,"fincertId":"FINCERT-2026-002507","incidentId":14247,"idempotencyKey":"incident-14247","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:19.907824Z","receivedAt":"2026-05-15T20:51:19.918701Z"},{"id":2506,"fincertId":"FINCERT-2026-002506","incidentId":14244,"idempotencyKey":"incident-14244","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:19.861332Z","receivedAt":"2026-05-15T20:51:19.873515Z"},{"id":2505,"fincertId":"FINCERT-2026-002505","incidentId":14240,"idempotencyKey":"incident-14240","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:19.784582Z","receivedAt":"2026-05-15T20:51:19.800563Z"},{"id":2504,"fincertId":"FINCERT-2026-002504","incidentId":14238,"idempotencyKey":"incident-14238","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:19.734484Z","receivedAt":"2026-05-15T20:51:19.759941Z"},{"id":2503,"fincertId":"FINCERT-2026-002503","incidentId":14237,"idempotencyKey":"incident-14237","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:19.714823Z","receivedAt":"2026-05-15T20:51:19.727590Z"},{"id":2502,"fincertId":"FINCERT-2026-002502","incidentId":14236,"idempotencyKey":"incident-14236","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:19.693711Z","receivedAt":"2026-05-15T20:51:19.707054Z"},{"id":2501,"fincertId":"FINCERT-2026-002501","incidentId":14235,"idempotencyKey":"incident-14235","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:19.673373Z","receivedAt":"2026-05-15T20:51:19.687495Z"},{"id":2500,"fincertId":"FINCERT-2026-002500","incidentId":14233,"idempotencyKey":"incident-14233","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:19.610412Z","receivedAt":"2026-05-15T20:51:19.632017Z"},{"id":2499,"fincertId":"FINCERT-2026-002499","incidentId":14230,"idempotencyKey":"incident-14230","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:19.556489Z","receivedAt":"2026-05-15T20:51:19.569425Z"},{"id":2498,"fincertId":"FINCERT-2026-002498","incidentId":14221,"idempotencyKey":"incident-14221","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:19.394448Z","receivedAt":"2026-05-15T20:51:19.408457Z"},{"id":2497,"fincertId":"FINCERT-2026-002497","incidentId":14219,"idempotencyKey":"incident-14219","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:19.351191Z","receivedAt":"2026-05-15T20:51:19.363406Z"},{"id":2496,"fincertId":"FINCERT-2026-002496","incidentId":14217,"idempotencyKey":"incident-14217","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:19.301151Z","receivedAt":"2026-05-15T20:51:19.319481Z"},{"id":2495,"fincertId":"FINCERT-2026-002495","incidentId":14212,"idempotencyKey":"incident-14212","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:19.221034Z","receivedAt":"2026-05-15T20:51:19.233101Z"},{"id":2494,"fincertId":"FINCERT-2026-002494","incidentId":14209,"idempotencyKey":"incident-14209","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:19.119593Z","receivedAt":"2026-05-15T20:51:19.150130Z"},{"id":2493,"fincertId":"FINCERT-2026-002493","incidentId":14204,"idempotencyKey":"incident-14204","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:18.991098Z","receivedAt":"2026-05-15T20:51:19.020374Z"},{"id":2492,"fincertId":"FINCERT-2026-002492","incidentId":14203,"idempotencyKey":"incident-14203","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:18.915956Z","receivedAt":"2026-05-15T20:51:18.974384Z"},{"id":2491,"fincertId":"FINCERT-2026-002491","incidentId":14200,"idempotencyKey":"incident-14200","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:18.829199Z","receivedAt":"2026-05-15T20:51:18.848701Z"},{"id":2490,"fincertId":"FINCERT-2026-002490","incidentId":14196,"idempotencyKey":"incident-14196","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:18.756583Z","receivedAt":"2026-05-15T20:51:18.771756Z"},{"id":2489,"fincertId":"FINCERT-2026-002489","incidentId":14193,"idempotencyKey":"incident-14193","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:18.705754Z","receivedAt":"2026-05-15T20:51:18.719333Z"},{"id":2488,"fincertId":"FINCERT-2026-002488","incidentId":14192,"idempotencyKey":"incident-14192","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:18.680792Z","receivedAt":"2026-05-15T20:51:18.695727Z"},{"id":2487,"fincertId":"FINCERT-2026-002487","incidentId":14191,"idempotencyKey":"incident-14191","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:18.657658Z","receivedAt":"2026-05-15T20:51:18.673948Z"},{"id":2486,"fincertId":"FINCERT-2026-002486","incidentId":14188,"idempotencyKey":"incident-14188","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:18.584097Z","receivedAt":"2026-05-15T20:51:18.600924Z"},{"id":2485,"fincertId":"FINCERT-2026-002485","incidentId":14179,"idempotencyKey":"incident-14179","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:18.418060Z","receivedAt":"2026-05-15T20:51:18.430057Z"},{"id":2484,"fincertId":"FINCERT-2026-002484","incidentId":14178,"idempotencyKey":"incident-14178","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:18.391037Z","receivedAt":"2026-05-15T20:51:18.402287Z"},{"id":2483,"fincertId":"FINCERT-2026-002483","incidentId":14176,"idempotencyKey":"incident-14176","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:18.354689Z","receivedAt":"2026-05-15T20:51:18.371162Z"},{"id":2482,"fincertId":"FINCERT-2026-002482","incidentId":14169,"idempotencyKey":"incident-14169","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:18.240637Z","receivedAt":"2026-05-15T20:51:18.252681Z"},{"id":2481,"fincertId":"FINCERT-2026-002481","incidentId":14167,"idempotencyKey":"incident-14167","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:18.206057Z","receivedAt":"2026-05-15T20:51:18.218372Z"},{"id":2480,"fincertId":"FINCERT-2026-002480","incidentId":14162,"idempotencyKey":"incident-14162","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:18.108556Z","receivedAt":"2026-05-15T20:51:18.127648Z"},{"id":2479,"fincertId":"FINCERT-2026-002479","incidentId":14158,"idempotencyKey":"incident-14158","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:18.046317Z","receivedAt":"2026-05-15T20:51:18.057410Z"},{"id":2478,"fincertId":"FINCERT-2026-002478","incidentId":14157,"idempotencyKey":"incident-14157","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:18.024548Z","receivedAt":"2026-05-15T20:51:18.039082Z"},{"id":2477,"fincertId":"FINCERT-2026-002477","incidentId":14151,"idempotencyKey":"incident-14151","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:17.913126Z","receivedAt":"2026-05-15T20:51:17.924583Z"},{"id":2476,"fincertId":"FINCERT-2026-002476","incidentId":14147,"idempotencyKey":"incident-14147","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:17.856497Z","receivedAt":"2026-05-15T20:51:17.866812Z"},{"id":2475,"fincertId":"FINCERT-2026-002475","incidentId":14144,"idempotencyKey":"incident-14144","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:17.796429Z","receivedAt":"2026-05-15T20:51:17.809571Z"},{"id":2474,"fincertId":"FINCERT-2026-002474","incidentId":14140,"idempotencyKey":"incident-14140","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:17.729808Z","receivedAt":"2026-05-15T20:51:17.740963Z"},{"id":2473,"fincertId":"FINCERT-2026-002473","incidentId":14139,"idempotencyKey":"incident-14139","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:17.708217Z","receivedAt":"2026-05-15T20:51:17.724004Z"},{"id":2472,"fincertId":"FINCERT-2026-002472","incidentId":14137,"idempotencyKey":"incident-14137","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:17.661462Z","receivedAt":"2026-05-15T20:51:17.675677Z"},{"id":2471,"fincertId":"FINCERT-2026-002471","incidentId":14135,"idempotencyKey":"incident-14135","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:17.604145Z","receivedAt":"2026-05-15T20:51:17.624669Z"},{"id":2470,"fincertId":"FINCERT-2026-002470","incidentId":14131,"idempotencyKey":"incident-14131","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:17.540547Z","receivedAt":"2026-05-15T20:51:17.551215Z"},{"id":2469,"fincertId":"FINCERT-2026-002469","incidentId":14125,"idempotencyKey":"incident-14125","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:17.424499Z","receivedAt":"2026-05-15T20:51:17.440037Z"},{"id":2468,"fincertId":"FINCERT-2026-002468","incidentId":14123,"idempotencyKey":"incident-14123","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:17.392812Z","receivedAt":"2026-05-15T20:51:17.404645Z"},{"id":2467,"fincertId":"FINCERT-2026-002467","incidentId":14119,"idempotencyKey":"incident-14119","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:17.316629Z","receivedAt":"2026-05-15T20:51:17.333535Z"},{"id":2466,"fincertId":"FINCERT-2026-002466","incidentId":14115,"idempotencyKey":"incident-14115","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:17.256782Z","receivedAt":"2026-05-15T20:51:17.268086Z"},{"id":2465,"fincertId":"FINCERT-2026-002465","incidentId":14111,"idempotencyKey":"incident-14111","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:17.194417Z","receivedAt":"2026-05-15T20:51:17.206063Z"},{"id":2464,"fincertId":"FINCERT-2026-002464","incidentId":14106,"idempotencyKey":"incident-14106","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:17.094047Z","receivedAt":"2026-05-15T20:51:17.108888Z"},{"id":2463,"fincertId":"FINCERT-2026-002463","incidentId":14103,"idempotencyKey":"incident-14103","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:17.045905Z","receivedAt":"2026-05-15T20:51:17.061228Z"},{"id":2462,"fincertId":"FINCERT-2026-002462","incidentId":14101,"idempotencyKey":"incident-14101","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:17.007353Z","receivedAt":"2026-05-15T20:51:17.024115Z"},{"id":2461,"fincertId":"FINCERT-2026-002461","incidentId":14097,"idempotencyKey":"incident-14097","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:16.913749Z","receivedAt":"2026-05-15T20:51:16.925564Z"},{"id":2460,"fincertId":"FINCERT-2026-002460","incidentId":14095,"idempotencyKey":"incident-14095","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:16.878593Z","receivedAt":"2026-05-15T20:51:16.892996Z"},{"id":2459,"fincertId":"FINCERT-2026-002459","incidentId":14093,"idempotencyKey":"incident-14093","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:16.827028Z","receivedAt":"2026-05-15T20:51:16.850761Z"},{"id":2458,"fincertId":"FINCERT-2026-002458","incidentId":14092,"idempotencyKey":"incident-14092","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:16.798717Z","receivedAt":"2026-05-15T20:51:16.817868Z"},{"id":2457,"fincertId":"FINCERT-2026-002457","incidentId":14091,"idempotencyKey":"incident-14091","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:16.776285Z","receivedAt":"2026-05-15T20:51:16.791230Z"},{"id":2456,"fincertId":"FINCERT-2026-002456","incidentId":14087,"idempotencyKey":"incident-14087","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:16.709142Z","receivedAt":"2026-05-15T20:51:16.722978Z"},{"id":2455,"fincertId":"FINCERT-2026-002455","incidentId":14086,"idempotencyKey":"incident-14086","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:16.655025Z","receivedAt":"2026-05-15T20:51:16.681873Z"},{"id":2454,"fincertId":"FINCERT-2026-002454","incidentId":14083,"idempotencyKey":"incident-14083","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:16.547506Z","receivedAt":"2026-05-15T20:51:16.558756Z"},{"id":2453,"fincertId":"FINCERT-2026-002453","incidentId":14073,"idempotencyKey":"incident-14073","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:16.347455Z","receivedAt":"2026-05-15T20:51:16.380838Z"},{"id":2452,"fincertId":"FINCERT-2026-002452","incidentId":14063,"idempotencyKey":"incident-14063","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:16.179799Z","receivedAt":"2026-05-15T20:51:16.191816Z"},{"id":2451,"fincertId":"FINCERT-2026-002451","incidentId":14060,"idempotencyKey":"incident-14060","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:16.121466Z","receivedAt":"2026-05-15T20:51:16.140984Z"},{"id":2450,"fincertId":"FINCERT-2026-002450","incidentId":14058,"idempotencyKey":"incident-14058","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:16.080187Z","receivedAt":"2026-05-15T20:51:16.093614Z"},{"id":2449,"fincertId":"FINCERT-2026-002449","incidentId":14057,"idempotencyKey":"incident-14057","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:16.063421Z","receivedAt":"2026-05-15T20:51:16.074190Z"},{"id":2448,"fincertId":"FINCERT-2026-002448","incidentId":14051,"idempotencyKey":"incident-14051","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:15.950815Z","receivedAt":"2026-05-15T20:51:15.968155Z"},{"id":2447,"fincertId":"FINCERT-2026-002447","incidentId":14048,"idempotencyKey":"incident-14048","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:15.892777Z","receivedAt":"2026-05-15T20:51:15.904758Z"},{"id":2446,"fincertId":"FINCERT-2026-002446","incidentId":14046,"idempotencyKey":"incident-14046","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:15.852734Z","receivedAt":"2026-05-15T20:51:15.872925Z"},{"id":2445,"fincertId":"FINCERT-2026-002445","incidentId":14042,"idempotencyKey":"incident-14042","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:15.768610Z","receivedAt":"2026-05-15T20:51:15.783052Z"},{"id":2444,"fincertId":"FINCERT-2026-002444","incidentId":14039,"idempotencyKey":"incident-14039","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:15.710394Z","receivedAt":"2026-05-15T20:51:15.723715Z"},{"id":2443,"fincertId":"FINCERT-2026-002443","incidentId":14032,"idempotencyKey":"incident-14032","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:15.589359Z","receivedAt":"2026-05-15T20:51:15.601934Z"},{"id":2442,"fincertId":"FINCERT-2026-002442","incidentId":14028,"idempotencyKey":"incident-14028","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:15.521228Z","receivedAt":"2026-05-15T20:51:15.533540Z"},{"id":2441,"fincertId":"FINCERT-2026-002441","incidentId":14023,"idempotencyKey":"incident-14023","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:15.441163Z","receivedAt":"2026-05-15T20:51:15.455523Z"},{"id":2440,"fincertId":"FINCERT-2026-002440","incidentId":14008,"idempotencyKey":"incident-14008","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:14.979918Z","receivedAt":"2026-05-15T20:51:14.999662Z"},{"id":2439,"fincertId":"FINCERT-2026-002439","incidentId":14005,"idempotencyKey":"incident-14005","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:14.909145Z","receivedAt":"2026-05-15T20:51:14.925159Z"},{"id":2438,"fincertId":"FINCERT-2026-002438","incidentId":13998,"idempotencyKey":"incident-13998","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:14.775963Z","receivedAt":"2026-05-15T20:51:14.787654Z"},{"id":2437,"fincertId":"FINCERT-2026-002437","incidentId":13995,"idempotencyKey":"incident-13995","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:14.719390Z","receivedAt":"2026-05-15T20:51:14.732819Z"},{"id":2436,"fincertId":"FINCERT-2026-002436","incidentId":13990,"idempotencyKey":"incident-13990","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:14.614936Z","receivedAt":"2026-05-15T20:51:14.638852Z"},{"id":2435,"fincertId":"FINCERT-2026-002435","incidentId":13988,"idempotencyKey":"incident-13988","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:14.571911Z","receivedAt":"2026-05-15T20:51:14.586024Z"},{"id":2434,"fincertId":"FINCERT-2026-002434","incidentId":13985,"idempotencyKey":"incident-13985","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:14.514932Z","receivedAt":"2026-05-15T20:51:14.527829Z"},{"id":2433,"fincertId":"FINCERT-2026-002433","incidentId":13983,"idempotencyKey":"incident-13983","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:14.459122Z","receivedAt":"2026-05-15T20:51:14.482473Z"},{"id":2432,"fincertId":"FINCERT-2026-002432","incidentId":13979,"idempotencyKey":"incident-13979","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:14.395797Z","receivedAt":"2026-05-15T20:51:14.410806Z"},{"id":2431,"fincertId":"FINCERT-2026-002431","incidentId":13978,"idempotencyKey":"incident-13978","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:14.376458Z","receivedAt":"2026-05-15T20:51:14.389474Z"},{"id":2430,"fincertId":"FINCERT-2026-002430","incidentId":13974,"idempotencyKey":"incident-13974","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:14.297326Z","receivedAt":"2026-05-15T20:51:14.318754Z"},{"id":2429,"fincertId":"FINCERT-2026-002429","incidentId":13972,"idempotencyKey":"incident-13972","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:14.254839Z","receivedAt":"2026-05-15T20:51:14.266096Z"},{"id":2428,"fincertId":"FINCERT-2026-002428","incidentId":13964,"idempotencyKey":"incident-13964","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:14.060380Z","receivedAt":"2026-05-15T20:51:14.080876Z"},{"id":2427,"fincertId":"FINCERT-2026-002427","incidentId":13961,"idempotencyKey":"incident-13961","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:13.949946Z","receivedAt":"2026-05-15T20:51:13.965343Z"},{"id":2426,"fincertId":"FINCERT-2026-002426","incidentId":13956,"idempotencyKey":"incident-13956","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:13.811621Z","receivedAt":"2026-05-15T20:51:13.833973Z"},{"id":2425,"fincertId":"FINCERT-2026-002425","incidentId":13954,"idempotencyKey":"incident-13954","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:13.773742Z","receivedAt":"2026-05-15T20:51:13.787502Z"},{"id":2424,"fincertId":"FINCERT-2026-002424","incidentId":13953,"idempotencyKey":"incident-13953","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:13.738899Z","receivedAt":"2026-05-15T20:51:13.755409Z"},{"id":2423,"fincertId":"FINCERT-2026-002423","incidentId":13950,"idempotencyKey":"incident-13950","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:13.689846Z","receivedAt":"2026-05-15T20:51:13.702067Z"},{"id":2422,"fincertId":"FINCERT-2026-002422","incidentId":13948,"idempotencyKey":"incident-13948","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:13.645954Z","receivedAt":"2026-05-15T20:51:13.662775Z"},{"id":2421,"fincertId":"FINCERT-2026-002421","incidentId":13945,"idempotencyKey":"incident-13945","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:13.581342Z","receivedAt":"2026-05-15T20:51:13.596972Z"},{"id":2420,"fincertId":"FINCERT-2026-002420","incidentId":13944,"idempotencyKey":"incident-13944","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:13.552920Z","receivedAt":"2026-05-15T20:51:13.566772Z"},{"id":2419,"fincertId":"FINCERT-2026-002419","incidentId":13941,"idempotencyKey":"incident-13941","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:13.498810Z","receivedAt":"2026-05-15T20:51:13.514416Z"},{"id":2418,"fincertId":"FINCERT-2026-002418","incidentId":13940,"idempotencyKey":"incident-13940","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:13.460722Z","receivedAt":"2026-05-15T20:51:13.488713Z"},{"id":2417,"fincertId":"FINCERT-2026-002417","incidentId":13935,"idempotencyKey":"incident-13935","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:13.368419Z","receivedAt":"2026-05-15T20:51:13.384831Z"},{"id":2416,"fincertId":"FINCERT-2026-002416","incidentId":13933,"idempotencyKey":"incident-13933","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:13.296971Z","receivedAt":"2026-05-15T20:51:13.315094Z"},{"id":2415,"fincertId":"FINCERT-2026-002415","incidentId":13931,"idempotencyKey":"incident-13931","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:13.260995Z","receivedAt":"2026-05-15T20:51:13.274334Z"},{"id":2414,"fincertId":"FINCERT-2026-002414","incidentId":13926,"idempotencyKey":"incident-13926","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:13.174353Z","receivedAt":"2026-05-15T20:51:13.186861Z"},{"id":2413,"fincertId":"FINCERT-2026-002413","incidentId":13925,"idempotencyKey":"incident-13925","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:13.148517Z","receivedAt":"2026-05-15T20:51:13.161870Z"},{"id":2412,"fincertId":"FINCERT-2026-002412","incidentId":13916,"idempotencyKey":"incident-13916","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:12.906145Z","receivedAt":"2026-05-15T20:51:12.948716Z"},{"id":2411,"fincertId":"FINCERT-2026-002411","incidentId":13915,"idempotencyKey":"incident-13915","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:12.823613Z","receivedAt":"2026-05-15T20:51:12.859004Z"},{"id":2410,"fincertId":"FINCERT-2026-002410","incidentId":13913,"idempotencyKey":"incident-13913","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:12.752481Z","receivedAt":"2026-05-15T20:51:12.767755Z"},{"id":2409,"fincertId":"FINCERT-2026-002409","incidentId":13888,"idempotencyKey":"incident-13888","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:11.965954Z","receivedAt":"2026-05-15T20:51:11.997536Z"},{"id":2408,"fincertId":"FINCERT-2026-002408","incidentId":13884,"idempotencyKey":"incident-13884","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:11.890049Z","receivedAt":"2026-05-15T20:51:11.904790Z"},{"id":2407,"fincertId":"FINCERT-2026-002407","incidentId":13883,"idempotencyKey":"incident-13883","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:11.866514Z","receivedAt":"2026-05-15T20:51:11.881931Z"},{"id":2406,"fincertId":"FINCERT-2026-002406","incidentId":13878,"idempotencyKey":"incident-13878","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:11.758074Z","receivedAt":"2026-05-15T20:51:11.777967Z"},{"id":2405,"fincertId":"FINCERT-2026-002405","incidentId":13869,"idempotencyKey":"incident-13869","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:11.574371Z","receivedAt":"2026-05-15T20:51:11.587898Z"},{"id":2404,"fincertId":"FINCERT-2026-002404","incidentId":13860,"idempotencyKey":"incident-13860","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:11.412623Z","receivedAt":"2026-05-15T20:51:11.424089Z"},{"id":2403,"fincertId":"FINCERT-2026-002403","incidentId":13857,"idempotencyKey":"incident-13857","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:11.358339Z","receivedAt":"2026-05-15T20:51:11.376370Z"},{"id":2402,"fincertId":"FINCERT-2026-002402","incidentId":13856,"idempotencyKey":"incident-13856","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:11.315876Z","receivedAt":"2026-05-15T20:51:11.347310Z"},{"id":2401,"fincertId":"FINCERT-2026-002401","incidentId":13851,"idempotencyKey":"incident-13851","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:11.229923Z","receivedAt":"2026-05-15T20:51:11.242930Z"},{"id":2400,"fincertId":"FINCERT-2026-002400","incidentId":13850,"idempotencyKey":"incident-13850","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:11.210778Z","receivedAt":"2026-05-15T20:51:11.223325Z"},{"id":2399,"fincertId":"FINCERT-2026-002399","incidentId":13849,"idempotencyKey":"incident-13849","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:11.192941Z","receivedAt":"2026-05-15T20:51:11.204779Z"},{"id":2398,"fincertId":"FINCERT-2026-002398","incidentId":13842,"idempotencyKey":"incident-13842","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:11.079647Z","receivedAt":"2026-05-15T20:51:11.093999Z"},{"id":2397,"fincertId":"FINCERT-2026-002397","incidentId":13841,"idempotencyKey":"incident-13841","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:11.052023Z","receivedAt":"2026-05-15T20:51:11.065458Z"},{"id":2396,"fincertId":"FINCERT-2026-002396","incidentId":13840,"idempotencyKey":"incident-13840","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:11.027098Z","receivedAt":"2026-05-15T20:51:11.041925Z"},{"id":2395,"fincertId":"FINCERT-2026-002395","incidentId":13839,"idempotencyKey":"incident-13839","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:10.975011Z","receivedAt":"2026-05-15T20:51:10.999017Z"},{"id":2394,"fincertId":"FINCERT-2026-002394","incidentId":13836,"idempotencyKey":"incident-13836","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:10.909448Z","receivedAt":"2026-05-15T20:51:10.921303Z"},{"id":2393,"fincertId":"FINCERT-2026-002393","incidentId":13828,"idempotencyKey":"incident-13828","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:10.763995Z","receivedAt":"2026-05-15T20:51:10.777533Z"},{"id":2392,"fincertId":"FINCERT-2026-002392","incidentId":13827,"idempotencyKey":"incident-13827","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:10.734726Z","receivedAt":"2026-05-15T20:51:10.748518Z"},{"id":2391,"fincertId":"FINCERT-2026-002391","incidentId":13823,"idempotencyKey":"incident-13823","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:10.671222Z","receivedAt":"2026-05-15T20:51:10.685061Z"},{"id":2390,"fincertId":"FINCERT-2026-002390","incidentId":13815,"idempotencyKey":"incident-13815","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:10.509449Z","receivedAt":"2026-05-15T20:51:10.535151Z"},{"id":2389,"fincertId":"FINCERT-2026-002389","incidentId":13812,"idempotencyKey":"incident-13812","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:10.427790Z","receivedAt":"2026-05-15T20:51:10.443071Z"},{"id":2388,"fincertId":"FINCERT-2026-002388","incidentId":13811,"idempotencyKey":"incident-13811","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:10.407641Z","receivedAt":"2026-05-15T20:51:10.420928Z"},{"id":2387,"fincertId":"FINCERT-2026-002387","incidentId":13810,"idempotencyKey":"incident-13810","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:10.376309Z","receivedAt":"2026-05-15T20:51:10.390988Z"},{"id":2386,"fincertId":"FINCERT-2026-002386","incidentId":13806,"idempotencyKey":"incident-13806","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:10.290804Z","receivedAt":"2026-05-15T20:51:10.302446Z"},{"id":2385,"fincertId":"FINCERT-2026-002385","incidentId":13805,"idempotencyKey":"incident-13805","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:10.271917Z","receivedAt":"2026-05-15T20:51:10.283614Z"},{"id":2384,"fincertId":"FINCERT-2026-002384","incidentId":13800,"idempotencyKey":"incident-13800","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:10.190102Z","receivedAt":"2026-05-15T20:51:10.202527Z"},{"id":2383,"fincertId":"FINCERT-2026-002383","incidentId":13799,"idempotencyKey":"incident-13799","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:10.156417Z","receivedAt":"2026-05-15T20:51:10.172690Z"},{"id":2382,"fincertId":"FINCERT-2026-002382","incidentId":13796,"idempotencyKey":"incident-13796","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:10.081104Z","receivedAt":"2026-05-15T20:51:10.094098Z"},{"id":2381,"fincertId":"FINCERT-2026-002381","incidentId":13795,"idempotencyKey":"incident-13795","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:10.058773Z","receivedAt":"2026-05-15T20:51:10.073535Z"},{"id":2380,"fincertId":"FINCERT-2026-002380","incidentId":13792,"idempotencyKey":"incident-13792","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:09.990620Z","receivedAt":"2026-05-15T20:51:10.004716Z"},{"id":2379,"fincertId":"FINCERT-2026-002379","incidentId":13787,"idempotencyKey":"incident-13787","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:09.900406Z","receivedAt":"2026-05-15T20:51:09.912708Z"},{"id":2378,"fincertId":"FINCERT-2026-002378","incidentId":13784,"idempotencyKey":"incident-13784","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:09.826361Z","receivedAt":"2026-05-15T20:51:09.846930Z"},{"id":2377,"fincertId":"FINCERT-2026-002377","incidentId":13782,"idempotencyKey":"incident-13782","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:09.772085Z","receivedAt":"2026-05-15T20:51:09.785106Z"},{"id":2376,"fincertId":"FINCERT-2026-002376","incidentId":13774,"idempotencyKey":"incident-13774","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:09.629611Z","receivedAt":"2026-05-15T20:51:09.650543Z"},{"id":2375,"fincertId":"FINCERT-2026-002375","incidentId":13761,"idempotencyKey":"incident-13761","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:09.372047Z","receivedAt":"2026-05-15T20:51:09.383527Z"},{"id":2374,"fincertId":"FINCERT-2026-002374","incidentId":13760,"idempotencyKey":"incident-13760","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:09.354115Z","receivedAt":"2026-05-15T20:51:09.365418Z"},{"id":2373,"fincertId":"FINCERT-2026-002373","incidentId":13756,"idempotencyKey":"incident-13756","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:09.274578Z","receivedAt":"2026-05-15T20:51:09.290060Z"},{"id":2372,"fincertId":"FINCERT-2026-002372","incidentId":13755,"idempotencyKey":"incident-13755","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:09.253798Z","receivedAt":"2026-05-15T20:51:09.266795Z"},{"id":2371,"fincertId":"FINCERT-2026-002371","incidentId":13752,"idempotencyKey":"incident-13752","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:09.197758Z","receivedAt":"2026-05-15T20:51:09.211672Z"},{"id":2370,"fincertId":"FINCERT-2026-002370","incidentId":13747,"idempotencyKey":"incident-13747","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:09.049017Z","receivedAt":"2026-05-15T20:51:09.079353Z"},{"id":2369,"fincertId":"FINCERT-2026-002369","incidentId":13730,"idempotencyKey":"incident-13730","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:08.627285Z","receivedAt":"2026-05-15T20:51:08.669775Z"},{"id":2368,"fincertId":"FINCERT-2026-002368","incidentId":13729,"idempotencyKey":"incident-13729","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:08.579997Z","receivedAt":"2026-05-15T20:51:08.593528Z"},{"id":2367,"fincertId":"FINCERT-2026-002367","incidentId":13728,"idempotencyKey":"incident-13728","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:08.559296Z","receivedAt":"2026-05-15T20:51:08.572459Z"},{"id":2366,"fincertId":"FINCERT-2026-002366","incidentId":13727,"idempotencyKey":"incident-13727","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:08.541547Z","receivedAt":"2026-05-15T20:51:08.552323Z"},{"id":2365,"fincertId":"FINCERT-2026-002365","incidentId":13726,"idempotencyKey":"incident-13726","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:08.519433Z","receivedAt":"2026-05-15T20:51:08.534988Z"},{"id":2364,"fincertId":"FINCERT-2026-002364","incidentId":13723,"idempotencyKey":"incident-13723","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:08.454832Z","receivedAt":"2026-05-15T20:51:08.470813Z"},{"id":2363,"fincertId":"FINCERT-2026-002363","incidentId":13720,"idempotencyKey":"incident-13720","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:08.404879Z","receivedAt":"2026-05-15T20:51:08.418637Z"},{"id":2362,"fincertId":"FINCERT-2026-002362","incidentId":13718,"idempotencyKey":"incident-13718","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:08.368446Z","receivedAt":"2026-05-15T20:51:08.379920Z"},{"id":2361,"fincertId":"FINCERT-2026-002361","incidentId":13717,"idempotencyKey":"incident-13717","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:08.332850Z","receivedAt":"2026-05-15T20:51:08.353410Z"},{"id":2360,"fincertId":"FINCERT-2026-002360","incidentId":13712,"idempotencyKey":"incident-13712","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:08.247535Z","receivedAt":"2026-05-15T20:51:08.260150Z"},{"id":2359,"fincertId":"FINCERT-2026-002359","incidentId":13707,"idempotencyKey":"incident-13707","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:08.169470Z","receivedAt":"2026-05-15T20:51:08.182284Z"},{"id":2358,"fincertId":"FINCERT-2026-002358","incidentId":13705,"idempotencyKey":"incident-13705","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:08.106750Z","receivedAt":"2026-05-15T20:51:08.132854Z"},{"id":2357,"fincertId":"FINCERT-2026-002357","incidentId":13703,"idempotencyKey":"incident-13703","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:08.066881Z","receivedAt":"2026-05-15T20:51:08.081548Z"},{"id":2356,"fincertId":"FINCERT-2026-002356","incidentId":13699,"idempotencyKey":"incident-13699","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:07.993065Z","receivedAt":"2026-05-15T20:51:08.016598Z"},{"id":2355,"fincertId":"FINCERT-2026-002355","incidentId":13697,"idempotencyKey":"incident-13697","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:07.935552Z","receivedAt":"2026-05-15T20:51:07.950874Z"},{"id":2354,"fincertId":"FINCERT-2026-002354","incidentId":13696,"idempotencyKey":"incident-13696","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:07.913758Z","receivedAt":"2026-05-15T20:51:07.927709Z"},{"id":2353,"fincertId":"FINCERT-2026-002353","incidentId":13684,"idempotencyKey":"incident-13684","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:07.694798Z","receivedAt":"2026-05-15T20:51:07.707213Z"},{"id":2352,"fincertId":"FINCERT-2026-002352","incidentId":13683,"idempotencyKey":"incident-13683","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:07.674786Z","receivedAt":"2026-05-15T20:51:07.687786Z"},{"id":2351,"fincertId":"FINCERT-2026-002351","incidentId":13672,"idempotencyKey":"incident-13672","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:07.490137Z","receivedAt":"2026-05-15T20:51:07.503901Z"},{"id":2350,"fincertId":"FINCERT-2026-002350","incidentId":13671,"idempotencyKey":"incident-13671","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:07.455061Z","receivedAt":"2026-05-15T20:51:07.471457Z"},{"id":2349,"fincertId":"FINCERT-2026-002349","incidentId":13668,"idempotencyKey":"incident-13668","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:07.409672Z","receivedAt":"2026-05-15T20:51:07.421361Z"},{"id":2348,"fincertId":"FINCERT-2026-002348","incidentId":13666,"idempotencyKey":"incident-13666","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:07.367045Z","receivedAt":"2026-05-15T20:51:07.381156Z"},{"id":2347,"fincertId":"FINCERT-2026-002347","incidentId":13665,"idempotencyKey":"incident-13665","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:07.332326Z","receivedAt":"2026-05-15T20:51:07.352719Z"},{"id":2346,"fincertId":"FINCERT-2026-002346","incidentId":13662,"idempotencyKey":"incident-13662","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:07.272109Z","receivedAt":"2026-05-15T20:51:07.284705Z"},{"id":2345,"fincertId":"FINCERT-2026-002345","incidentId":13659,"idempotencyKey":"incident-13659","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:07.223133Z","receivedAt":"2026-05-15T20:51:07.236249Z"},{"id":2344,"fincertId":"FINCERT-2026-002344","incidentId":13643,"idempotencyKey":"incident-13643","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:06.953495Z","receivedAt":"2026-05-15T20:51:06.971817Z"},{"id":2343,"fincertId":"FINCERT-2026-002343","incidentId":13639,"idempotencyKey":"incident-13639","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:06.896512Z","receivedAt":"2026-05-15T20:51:06.908530Z"},{"id":2342,"fincertId":"FINCERT-2026-002342","incidentId":13633,"idempotencyKey":"incident-13633","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:06.782130Z","receivedAt":"2026-05-15T20:51:06.798373Z"},{"id":2341,"fincertId":"FINCERT-2026-002341","incidentId":13631,"idempotencyKey":"incident-13631","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:06.744675Z","receivedAt":"2026-05-15T20:51:06.759300Z"},{"id":2340,"fincertId":"FINCERT-2026-002340","incidentId":13630,"idempotencyKey":"incident-13630","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:06.717104Z","receivedAt":"2026-05-15T20:51:06.737191Z"},{"id":2339,"fincertId":"FINCERT-2026-002339","incidentId":13629,"idempotencyKey":"incident-13629","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:06.619028Z","receivedAt":"2026-05-15T20:51:06.680002Z"},{"id":2338,"fincertId":"FINCERT-2026-002338","incidentId":13627,"idempotencyKey":"incident-13627","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:06.511531Z","receivedAt":"2026-05-15T20:51:06.548155Z"},{"id":2337,"fincertId":"FINCERT-2026-002337","incidentId":13624,"idempotencyKey":"incident-13624","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:06.407944Z","receivedAt":"2026-05-15T20:51:06.430037Z"},{"id":2336,"fincertId":"FINCERT-2026-002336","incidentId":13623,"idempotencyKey":"incident-13623","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:06.378318Z","receivedAt":"2026-05-15T20:51:06.389946Z"},{"id":2335,"fincertId":"FINCERT-2026-002335","incidentId":13621,"idempotencyKey":"incident-13621","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:06.340322Z","receivedAt":"2026-05-15T20:51:06.357744Z"},{"id":2334,"fincertId":"FINCERT-2026-002334","incidentId":13617,"idempotencyKey":"incident-13617","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:06.256393Z","receivedAt":"2026-05-15T20:51:06.270052Z"},{"id":2333,"fincertId":"FINCERT-2026-002333","incidentId":13615,"idempotencyKey":"incident-13615","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:06.221450Z","receivedAt":"2026-05-15T20:51:06.234856Z"},{"id":2332,"fincertId":"FINCERT-2026-002332","incidentId":13609,"idempotencyKey":"incident-13609","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:06.106088Z","receivedAt":"2026-05-15T20:51:06.126829Z"},{"id":2331,"fincertId":"FINCERT-2026-002331","incidentId":13605,"idempotencyKey":"incident-13605","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:06.029281Z","receivedAt":"2026-05-15T20:51:06.052323Z"},{"id":2330,"fincertId":"FINCERT-2026-002330","incidentId":13604,"idempotencyKey":"incident-13604","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:05.993106Z","receivedAt":"2026-05-15T20:51:06.017398Z"},{"id":2329,"fincertId":"FINCERT-2026-002329","incidentId":13597,"idempotencyKey":"incident-13597","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:05.850621Z","receivedAt":"2026-05-15T20:51:05.864878Z"},{"id":2328,"fincertId":"FINCERT-2026-002328","incidentId":13593,"idempotencyKey":"incident-13593","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:05.771640Z","receivedAt":"2026-05-15T20:51:05.784347Z"},{"id":2327,"fincertId":"FINCERT-2026-002327","incidentId":13592,"idempotencyKey":"incident-13592","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:05.750875Z","receivedAt":"2026-05-15T20:51:05.765097Z"},{"id":2326,"fincertId":"FINCERT-2026-002326","incidentId":13591,"idempotencyKey":"incident-13591","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:05.722695Z","receivedAt":"2026-05-15T20:51:05.735524Z"},{"id":2325,"fincertId":"FINCERT-2026-002325","incidentId":13585,"idempotencyKey":"incident-13585","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:05.605882Z","receivedAt":"2026-05-15T20:51:05.623165Z"},{"id":2324,"fincertId":"FINCERT-2026-002324","incidentId":13580,"idempotencyKey":"incident-13580","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:05.522083Z","receivedAt":"2026-05-15T20:51:05.535602Z"},{"id":2323,"fincertId":"FINCERT-2026-002323","incidentId":13579,"idempotencyKey":"incident-13579","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:05.503934Z","receivedAt":"2026-05-15T20:51:05.515103Z"},{"id":2322,"fincertId":"FINCERT-2026-002322","incidentId":13577,"idempotencyKey":"incident-13577","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:05.461452Z","receivedAt":"2026-05-15T20:51:05.481746Z"},{"id":2321,"fincertId":"FINCERT-2026-002321","incidentId":13576,"idempotencyKey":"incident-13576","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:05.434592Z","receivedAt":"2026-05-15T20:51:05.445762Z"},{"id":2320,"fincertId":"FINCERT-2026-002320","incidentId":13568,"idempotencyKey":"incident-13568","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:05.295767Z","receivedAt":"2026-05-15T20:51:05.310096Z"},{"id":2319,"fincertId":"FINCERT-2026-002319","incidentId":13561,"idempotencyKey":"incident-13561","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:05.190024Z","receivedAt":"2026-05-15T20:51:05.201957Z"},{"id":2318,"fincertId":"FINCERT-2026-002318","incidentId":13553,"idempotencyKey":"incident-13553","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:05.061332Z","receivedAt":"2026-05-15T20:51:05.073029Z"},{"id":2317,"fincertId":"FINCERT-2026-002317","incidentId":13546,"idempotencyKey":"incident-13546","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:04.916144Z","receivedAt":"2026-05-15T20:51:04.932979Z"},{"id":2316,"fincertId":"FINCERT-2026-002316","incidentId":13544,"idempotencyKey":"incident-13544","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:04.874028Z","receivedAt":"2026-05-15T20:51:04.893882Z"},{"id":2315,"fincertId":"FINCERT-2026-002315","incidentId":13541,"idempotencyKey":"incident-13541","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:04.789524Z","receivedAt":"2026-05-15T20:51:04.801980Z"},{"id":2314,"fincertId":"FINCERT-2026-002314","incidentId":13540,"idempotencyKey":"incident-13540","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:04.766752Z","receivedAt":"2026-05-15T20:51:04.781580Z"},{"id":2313,"fincertId":"FINCERT-2026-002313","incidentId":13538,"idempotencyKey":"incident-13538","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:04.727629Z","receivedAt":"2026-05-15T20:51:04.743037Z"},{"id":2312,"fincertId":"FINCERT-2026-002312","incidentId":13531,"idempotencyKey":"incident-13531","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:04.568528Z","receivedAt":"2026-05-15T20:51:04.580808Z"},{"id":2311,"fincertId":"FINCERT-2026-002311","incidentId":13528,"idempotencyKey":"incident-13528","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:04.470511Z","receivedAt":"2026-05-15T20:51:04.512516Z"},{"id":2310,"fincertId":"FINCERT-2026-002310","incidentId":13525,"idempotencyKey":"incident-13525","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:04.392798Z","receivedAt":"2026-05-15T20:51:04.410356Z"},{"id":2309,"fincertId":"FINCERT-2026-002309","incidentId":13523,"idempotencyKey":"incident-13523","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:04.346702Z","receivedAt":"2026-05-15T20:51:04.368542Z"},{"id":2308,"fincertId":"FINCERT-2026-002308","incidentId":13520,"idempotencyKey":"incident-13520","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:04.285131Z","receivedAt":"2026-05-15T20:51:04.296384Z"},{"id":2307,"fincertId":"FINCERT-2026-002307","incidentId":13513,"idempotencyKey":"incident-13513","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:04.177617Z","receivedAt":"2026-05-15T20:51:04.189792Z"},{"id":2306,"fincertId":"FINCERT-2026-002306","incidentId":13512,"idempotencyKey":"incident-13512","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:04.157048Z","receivedAt":"2026-05-15T20:51:04.170934Z"},{"id":2305,"fincertId":"FINCERT-2026-002305","incidentId":13511,"idempotencyKey":"incident-13511","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:04.130372Z","receivedAt":"2026-05-15T20:51:04.149968Z"},{"id":2304,"fincertId":"FINCERT-2026-002304","incidentId":13509,"idempotencyKey":"incident-13509","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:04.086800Z","receivedAt":"2026-05-15T20:51:04.100217Z"},{"id":2303,"fincertId":"FINCERT-2026-002303","incidentId":13503,"idempotencyKey":"incident-13503","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:03.943689Z","receivedAt":"2026-05-15T20:51:03.957019Z"},{"id":2302,"fincertId":"FINCERT-2026-002302","incidentId":13500,"idempotencyKey":"incident-13500","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:03.893642Z","receivedAt":"2026-05-15T20:51:03.910965Z"},{"id":2301,"fincertId":"FINCERT-2026-002301","incidentId":13496,"idempotencyKey":"incident-13496","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:03.791600Z","receivedAt":"2026-05-15T20:51:03.809738Z"},{"id":2300,"fincertId":"FINCERT-2026-002300","incidentId":13495,"idempotencyKey":"incident-13495","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:03.759541Z","receivedAt":"2026-05-15T20:51:03.774777Z"},{"id":2299,"fincertId":"FINCERT-2026-002299","incidentId":13492,"idempotencyKey":"incident-13492","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:03.706819Z","receivedAt":"2026-05-15T20:51:03.720249Z"},{"id":2298,"fincertId":"FINCERT-2026-002298","incidentId":13491,"idempotencyKey":"incident-13491","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:03.684529Z","receivedAt":"2026-05-15T20:51:03.698725Z"},{"id":2297,"fincertId":"FINCERT-2026-002297","incidentId":13486,"idempotencyKey":"incident-13486","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:03.589630Z","receivedAt":"2026-05-15T20:51:03.603251Z"},{"id":2296,"fincertId":"FINCERT-2026-002296","incidentId":13484,"idempotencyKey":"incident-13484","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:03.554775Z","receivedAt":"2026-05-15T20:51:03.568347Z"},{"id":2295,"fincertId":"FINCERT-2026-002295","incidentId":13483,"idempotencyKey":"incident-13483","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:03.524968Z","receivedAt":"2026-05-15T20:51:03.537854Z"},{"id":2294,"fincertId":"FINCERT-2026-002294","incidentId":13482,"idempotencyKey":"incident-13482","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:03.495884Z","receivedAt":"2026-05-15T20:51:03.518636Z"},{"id":2293,"fincertId":"FINCERT-2026-002293","incidentId":13479,"idempotencyKey":"incident-13479","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:03.430124Z","receivedAt":"2026-05-15T20:51:03.442405Z"},{"id":2292,"fincertId":"FINCERT-2026-002292","incidentId":13477,"idempotencyKey":"incident-13477","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:03.392201Z","receivedAt":"2026-05-15T20:51:03.408274Z"},{"id":2291,"fincertId":"FINCERT-2026-002291","incidentId":13475,"idempotencyKey":"incident-13475","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:03.341609Z","receivedAt":"2026-05-15T20:51:03.370310Z"},{"id":2290,"fincertId":"FINCERT-2026-002290","incidentId":13473,"idempotencyKey":"incident-13473","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:51:03.291034Z","receivedAt":"2026-05-15T20:51:03.307143Z"},{"id":2289,"fincertId":"FINCERT-2026-002289","incidentId":13472,"idempotencyKey":"incident-13472","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:03.256030Z","receivedAt":"2026-05-15T20:51:03.271969Z"},{"id":2288,"fincertId":"FINCERT-2026-002288","incidentId":13468,"idempotencyKey":"incident-13468","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:03.166960Z","receivedAt":"2026-05-15T20:51:03.179991Z"},{"id":2287,"fincertId":"FINCERT-2026-002287","incidentId":13461,"idempotencyKey":"incident-13461","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:03.040902Z","receivedAt":"2026-05-15T20:51:03.053893Z"},{"id":2286,"fincertId":"FINCERT-2026-002286","incidentId":13458,"idempotencyKey":"incident-13458","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:02.966589Z","receivedAt":"2026-05-15T20:51:02.985055Z"},{"id":2285,"fincertId":"FINCERT-2026-002285","incidentId":13456,"idempotencyKey":"incident-13456","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:02.914767Z","receivedAt":"2026-05-15T20:51:02.929788Z"},{"id":2284,"fincertId":"FINCERT-2026-002284","incidentId":13453,"idempotencyKey":"incident-13453","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:02.844555Z","receivedAt":"2026-05-15T20:51:02.863096Z"},{"id":2283,"fincertId":"FINCERT-2026-002283","incidentId":13450,"idempotencyKey":"incident-13450","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:02.763415Z","receivedAt":"2026-05-15T20:51:02.776408Z"},{"id":2282,"fincertId":"FINCERT-2026-002282","incidentId":13434,"idempotencyKey":"incident-13434","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:02.403252Z","receivedAt":"2026-05-15T20:51:02.415768Z"},{"id":2281,"fincertId":"FINCERT-2026-002281","incidentId":13430,"idempotencyKey":"incident-13430","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:02.302604Z","receivedAt":"2026-05-15T20:51:02.320466Z"},{"id":2280,"fincertId":"FINCERT-2026-002280","incidentId":13429,"idempotencyKey":"incident-13429","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:02.273826Z","receivedAt":"2026-05-15T20:51:02.287116Z"},{"id":2279,"fincertId":"FINCERT-2026-002279","incidentId":13413,"idempotencyKey":"incident-13413","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:01.980316Z","receivedAt":"2026-05-15T20:51:02.013246Z"},{"id":2278,"fincertId":"FINCERT-2026-002278","incidentId":13408,"idempotencyKey":"incident-13408","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:01.848632Z","receivedAt":"2026-05-15T20:51:01.880807Z"},{"id":2277,"fincertId":"FINCERT-2026-002277","incidentId":13407,"idempotencyKey":"incident-13407","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:01.799083Z","receivedAt":"2026-05-15T20:51:01.827815Z"},{"id":2276,"fincertId":"FINCERT-2026-002276","incidentId":13405,"idempotencyKey":"incident-13405","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:01.738887Z","receivedAt":"2026-05-15T20:51:01.753867Z"},{"id":2275,"fincertId":"FINCERT-2026-002275","incidentId":13403,"idempotencyKey":"incident-13403","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:51:01.654066Z","receivedAt":"2026-05-15T20:51:01.691846Z"},{"id":2274,"fincertId":"FINCERT-2026-002274","incidentId":13399,"idempotencyKey":"incident-13399","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:01.550802Z","receivedAt":"2026-05-15T20:51:01.575330Z"},{"id":2273,"fincertId":"FINCERT-2026-002273","incidentId":13397,"idempotencyKey":"incident-13397","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:01.468887Z","receivedAt":"2026-05-15T20:51:01.498844Z"},{"id":2272,"fincertId":"FINCERT-2026-002272","incidentId":13395,"idempotencyKey":"incident-13395","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:01.423385Z","receivedAt":"2026-05-15T20:51:01.440677Z"},{"id":2271,"fincertId":"FINCERT-2026-002271","incidentId":13394,"idempotencyKey":"incident-13394","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:01.406456Z","receivedAt":"2026-05-15T20:51:01.417339Z"},{"id":2270,"fincertId":"FINCERT-2026-002270","incidentId":13391,"idempotencyKey":"incident-13391","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:01.364625Z","receivedAt":"2026-05-15T20:51:01.376570Z"},{"id":2269,"fincertId":"FINCERT-2026-002269","incidentId":13388,"idempotencyKey":"incident-13388","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:01.301143Z","receivedAt":"2026-05-15T20:51:01.319287Z"},{"id":2268,"fincertId":"FINCERT-2026-002268","incidentId":13385,"idempotencyKey":"incident-13385","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:01.245456Z","receivedAt":"2026-05-15T20:51:01.263486Z"},{"id":2267,"fincertId":"FINCERT-2026-002267","incidentId":13380,"idempotencyKey":"incident-13380","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:01.162100Z","receivedAt":"2026-05-15T20:51:01.174083Z"},{"id":2266,"fincertId":"FINCERT-2026-002266","incidentId":13376,"idempotencyKey":"incident-13376","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:01.095324Z","receivedAt":"2026-05-15T20:51:01.109095Z"},{"id":2265,"fincertId":"FINCERT-2026-002265","incidentId":13374,"idempotencyKey":"incident-13374","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:01.063187Z","receivedAt":"2026-05-15T20:51:01.076373Z"},{"id":2264,"fincertId":"FINCERT-2026-002264","incidentId":13371,"idempotencyKey":"incident-13371","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:00.974240Z","receivedAt":"2026-05-15T20:51:01.004877Z"},{"id":2263,"fincertId":"FINCERT-2026-002263","incidentId":13357,"idempotencyKey":"incident-13357","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:00.717222Z","receivedAt":"2026-05-15T20:51:00.730618Z"},{"id":2262,"fincertId":"FINCERT-2026-002262","incidentId":13356,"idempotencyKey":"incident-13356","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:00.695880Z","receivedAt":"2026-05-15T20:51:00.709477Z"},{"id":2261,"fincertId":"FINCERT-2026-002261","incidentId":13345,"idempotencyKey":"incident-13345","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:51:00.489106Z","receivedAt":"2026-05-15T20:51:00.511397Z"},{"id":2260,"fincertId":"FINCERT-2026-002260","incidentId":13344,"idempotencyKey":"incident-13344","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:00.456401Z","receivedAt":"2026-05-15T20:51:00.478903Z"},{"id":2259,"fincertId":"FINCERT-2026-002259","incidentId":13338,"idempotencyKey":"incident-13338","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:00.367215Z","receivedAt":"2026-05-15T20:51:00.381422Z"},{"id":2258,"fincertId":"FINCERT-2026-002258","incidentId":13332,"idempotencyKey":"incident-13332","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:00.235245Z","receivedAt":"2026-05-15T20:51:00.260672Z"},{"id":2257,"fincertId":"FINCERT-2026-002257","incidentId":13331,"idempotencyKey":"incident-13331","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:51:00.170462Z","receivedAt":"2026-05-15T20:51:00.199651Z"},{"id":2256,"fincertId":"FINCERT-2026-002256","incidentId":13329,"idempotencyKey":"incident-13329","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:51:00.099739Z","receivedAt":"2026-05-15T20:51:00.122792Z"},{"id":2255,"fincertId":"FINCERT-2026-002255","incidentId":13328,"idempotencyKey":"incident-13328","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:51:00.077193Z","receivedAt":"2026-05-15T20:51:00.091815Z"},{"id":2254,"fincertId":"FINCERT-2026-002254","incidentId":13321,"idempotencyKey":"incident-13321","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:59.933483Z","receivedAt":"2026-05-15T20:50:59.945371Z"},{"id":2253,"fincertId":"FINCERT-2026-002253","incidentId":13317,"idempotencyKey":"incident-13317","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.871735Z","receivedAt":"2026-05-15T20:50:59.884549Z"},{"id":2252,"fincertId":"FINCERT-2026-002252","incidentId":13316,"idempotencyKey":"incident-13316","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.849823Z","receivedAt":"2026-05-15T20:50:59.865860Z"},{"id":2251,"fincertId":"FINCERT-2026-002251","incidentId":13310,"idempotencyKey":"incident-13310","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.737575Z","receivedAt":"2026-05-15T20:50:59.749464Z"},{"id":2250,"fincertId":"FINCERT-2026-002250","incidentId":13308,"idempotencyKey":"incident-13308","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:59.697563Z","receivedAt":"2026-05-15T20:50:59.709911Z"},{"id":2249,"fincertId":"FINCERT-2026-002249","incidentId":13304,"idempotencyKey":"incident-13304","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.605142Z","receivedAt":"2026-05-15T20:50:59.628836Z"},{"id":2248,"fincertId":"FINCERT-2026-002248","incidentId":13303,"idempotencyKey":"incident-13303","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.584354Z","receivedAt":"2026-05-15T20:50:59.597976Z"},{"id":2247,"fincertId":"FINCERT-2026-002247","incidentId":13299,"idempotencyKey":"incident-13299","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:59.522497Z","receivedAt":"2026-05-15T20:50:59.535641Z"},{"id":2246,"fincertId":"FINCERT-2026-002246","incidentId":13293,"idempotencyKey":"incident-13293","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.422458Z","receivedAt":"2026-05-15T20:50:59.434869Z"},{"id":2245,"fincertId":"FINCERT-2026-002245","incidentId":13292,"idempotencyKey":"incident-13292","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:59.405053Z","receivedAt":"2026-05-15T20:50:59.416447Z"},{"id":2244,"fincertId":"FINCERT-2026-002244","incidentId":13291,"idempotencyKey":"incident-13291","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:59.374612Z","receivedAt":"2026-05-15T20:50:59.388663Z"},{"id":2243,"fincertId":"FINCERT-2026-002243","incidentId":13283,"idempotencyKey":"incident-13283","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.224958Z","receivedAt":"2026-05-15T20:50:59.241636Z"},{"id":2242,"fincertId":"FINCERT-2026-002242","incidentId":13281,"idempotencyKey":"incident-13281","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:59.188721Z","receivedAt":"2026-05-15T20:50:59.202727Z"},{"id":2241,"fincertId":"FINCERT-2026-002241","incidentId":13280,"idempotencyKey":"incident-13280","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.157053Z","receivedAt":"2026-05-15T20:50:59.168201Z"},{"id":2240,"fincertId":"FINCERT-2026-002240","incidentId":13275,"idempotencyKey":"incident-13275","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.067076Z","receivedAt":"2026-05-15T20:50:59.080792Z"},{"id":2239,"fincertId":"FINCERT-2026-002239","incidentId":13272,"idempotencyKey":"incident-13272","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:59.012111Z","receivedAt":"2026-05-15T20:50:59.028021Z"},{"id":2238,"fincertId":"FINCERT-2026-002238","incidentId":13271,"idempotencyKey":"incident-13271","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:58.973357Z","receivedAt":"2026-05-15T20:50:58.995848Z"},{"id":2237,"fincertId":"FINCERT-2026-002237","incidentId":13263,"idempotencyKey":"incident-13263","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:58.795109Z","receivedAt":"2026-05-15T20:50:58.815557Z"},{"id":2236,"fincertId":"FINCERT-2026-002236","incidentId":13247,"idempotencyKey":"incident-13247","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:58.495509Z","receivedAt":"2026-05-15T20:50:58.510702Z"},{"id":2235,"fincertId":"FINCERT-2026-002235","incidentId":13240,"idempotencyKey":"incident-13240","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:58.373831Z","receivedAt":"2026-05-15T20:50:58.386100Z"},{"id":2234,"fincertId":"FINCERT-2026-002234","incidentId":13234,"idempotencyKey":"incident-13234","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:58.247394Z","receivedAt":"2026-05-15T20:50:58.261485Z"},{"id":2233,"fincertId":"FINCERT-2026-002233","incidentId":13229,"idempotencyKey":"incident-13229","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:58.157371Z","receivedAt":"2026-05-15T20:50:58.177964Z"},{"id":2232,"fincertId":"FINCERT-2026-002232","incidentId":13228,"idempotencyKey":"incident-13228","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:58.106732Z","receivedAt":"2026-05-15T20:50:58.137342Z"},{"id":2231,"fincertId":"FINCERT-2026-002231","incidentId":13226,"idempotencyKey":"incident-13226","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:58.035529Z","receivedAt":"2026-05-15T20:50:58.068133Z"},{"id":2230,"fincertId":"FINCERT-2026-002230","incidentId":13222,"idempotencyKey":"incident-13222","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:57.934240Z","receivedAt":"2026-05-15T20:50:57.949062Z"},{"id":2229,"fincertId":"FINCERT-2026-002229","incidentId":13221,"idempotencyKey":"incident-13221","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:57.904015Z","receivedAt":"2026-05-15T20:50:57.918971Z"},{"id":2228,"fincertId":"FINCERT-2026-002228","incidentId":13217,"idempotencyKey":"incident-13217","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:57.794550Z","receivedAt":"2026-05-15T20:50:57.813071Z"},{"id":2227,"fincertId":"FINCERT-2026-002227","incidentId":13215,"idempotencyKey":"incident-13215","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:57.731067Z","receivedAt":"2026-05-15T20:50:57.744045Z"},{"id":2226,"fincertId":"FINCERT-2026-002226","incidentId":13214,"idempotencyKey":"incident-13214","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:57.711025Z","receivedAt":"2026-05-15T20:50:57.723442Z"},{"id":2225,"fincertId":"FINCERT-2026-002225","incidentId":13213,"idempotencyKey":"incident-13213","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:57.693517Z","receivedAt":"2026-05-15T20:50:57.704524Z"},{"id":2224,"fincertId":"FINCERT-2026-002224","incidentId":13209,"idempotencyKey":"incident-13209","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:57.628485Z","receivedAt":"2026-05-15T20:50:57.643761Z"},{"id":2223,"fincertId":"FINCERT-2026-002223","incidentId":13206,"idempotencyKey":"incident-13206","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:57.576097Z","receivedAt":"2026-05-15T20:50:57.588212Z"},{"id":2222,"fincertId":"FINCERT-2026-002222","incidentId":13201,"idempotencyKey":"incident-13201","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:57.459842Z","receivedAt":"2026-05-15T20:50:57.484915Z"},{"id":2221,"fincertId":"FINCERT-2026-002221","incidentId":13192,"idempotencyKey":"incident-13192","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:57.256457Z","receivedAt":"2026-05-15T20:50:57.272914Z"},{"id":2220,"fincertId":"FINCERT-2026-002220","incidentId":13188,"idempotencyKey":"incident-13188","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:57.186708Z","receivedAt":"2026-05-15T20:50:57.201641Z"},{"id":2219,"fincertId":"FINCERT-2026-002219","incidentId":13180,"idempotencyKey":"incident-13180","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:57.024516Z","receivedAt":"2026-05-15T20:50:57.040019Z"},{"id":2218,"fincertId":"FINCERT-2026-002218","incidentId":13178,"idempotencyKey":"incident-13178","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:56.964998Z","receivedAt":"2026-05-15T20:50:56.986756Z"},{"id":2217,"fincertId":"FINCERT-2026-002217","incidentId":13171,"idempotencyKey":"incident-13171","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:56.837690Z","receivedAt":"2026-05-15T20:50:56.858513Z"},{"id":2216,"fincertId":"FINCERT-2026-002216","incidentId":13168,"idempotencyKey":"incident-13168","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:56.765441Z","receivedAt":"2026-05-15T20:50:56.779758Z"},{"id":2215,"fincertId":"FINCERT-2026-002215","incidentId":13162,"idempotencyKey":"incident-13162","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:56.644702Z","receivedAt":"2026-05-15T20:50:56.676027Z"},{"id":2214,"fincertId":"FINCERT-2026-002214","incidentId":13149,"idempotencyKey":"incident-13149","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:56.355319Z","receivedAt":"2026-05-15T20:50:56.382707Z"},{"id":2213,"fincertId":"FINCERT-2026-002213","incidentId":13141,"idempotencyKey":"incident-13141","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:56.188220Z","receivedAt":"2026-05-15T20:50:56.200716Z"},{"id":2212,"fincertId":"FINCERT-2026-002212","incidentId":13138,"idempotencyKey":"incident-13138","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:56.094421Z","receivedAt":"2026-05-15T20:50:56.110834Z"},{"id":2211,"fincertId":"FINCERT-2026-002211","incidentId":13136,"idempotencyKey":"incident-13136","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:56.060392Z","receivedAt":"2026-05-15T20:50:56.072065Z"},{"id":2210,"fincertId":"FINCERT-2026-002210","incidentId":13132,"idempotencyKey":"incident-13132","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:55.988950Z","receivedAt":"2026-05-15T20:50:56.005353Z"},{"id":2209,"fincertId":"FINCERT-2026-002209","incidentId":13130,"idempotencyKey":"incident-13130","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:55.942633Z","receivedAt":"2026-05-15T20:50:55.957648Z"},{"id":2208,"fincertId":"FINCERT-2026-002208","incidentId":13129,"idempotencyKey":"incident-13129","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:55.921515Z","receivedAt":"2026-05-15T20:50:55.935883Z"},{"id":2207,"fincertId":"FINCERT-2026-002207","incidentId":13128,"idempotencyKey":"incident-13128","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:55.898818Z","receivedAt":"2026-05-15T20:50:55.912307Z"},{"id":2206,"fincertId":"FINCERT-2026-002206","incidentId":13126,"idempotencyKey":"incident-13126","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:55.853048Z","receivedAt":"2026-05-15T20:50:55.870544Z"},{"id":2205,"fincertId":"FINCERT-2026-002205","incidentId":13118,"idempotencyKey":"incident-13118","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:55.675644Z","receivedAt":"2026-05-15T20:50:55.697655Z"},{"id":2204,"fincertId":"FINCERT-2026-002204","incidentId":13105,"idempotencyKey":"incident-13105","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:55.398948Z","receivedAt":"2026-05-15T20:50:55.419915Z"},{"id":2203,"fincertId":"FINCERT-2026-002203","incidentId":13103,"idempotencyKey":"incident-13103","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:55.329081Z","receivedAt":"2026-05-15T20:50:55.363834Z"},{"id":2202,"fincertId":"FINCERT-2026-002202","incidentId":13102,"idempotencyKey":"incident-13102","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:55.296791Z","receivedAt":"2026-05-15T20:50:55.320573Z"},{"id":2201,"fincertId":"FINCERT-2026-002201","incidentId":13098,"idempotencyKey":"incident-13098","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:55.238707Z","receivedAt":"2026-05-15T20:50:55.249519Z"},{"id":2200,"fincertId":"FINCERT-2026-002200","incidentId":13097,"idempotencyKey":"incident-13097","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:55.221080Z","receivedAt":"2026-05-15T20:50:55.232025Z"},{"id":2199,"fincertId":"FINCERT-2026-002199","incidentId":13095,"idempotencyKey":"incident-13095","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:55.186756Z","receivedAt":"2026-05-15T20:50:55.199860Z"},{"id":2198,"fincertId":"FINCERT-2026-002198","incidentId":13093,"idempotencyKey":"incident-13093","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:55.127885Z","receivedAt":"2026-05-15T20:50:55.149808Z"},{"id":2197,"fincertId":"FINCERT-2026-002197","incidentId":13092,"idempotencyKey":"incident-13092","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:55.091235Z","receivedAt":"2026-05-15T20:50:55.107758Z"},{"id":2196,"fincertId":"FINCERT-2026-002196","incidentId":13091,"idempotencyKey":"incident-13091","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:55.069571Z","receivedAt":"2026-05-15T20:50:55.082618Z"},{"id":2195,"fincertId":"FINCERT-2026-002195","incidentId":13090,"idempotencyKey":"incident-13090","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:55.047093Z","receivedAt":"2026-05-15T20:50:55.062029Z"},{"id":2194,"fincertId":"FINCERT-2026-002194","incidentId":13085,"idempotencyKey":"incident-13085","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:54.938644Z","receivedAt":"2026-05-15T20:50:54.949814Z"},{"id":2193,"fincertId":"FINCERT-2026-002193","incidentId":13080,"idempotencyKey":"incident-13080","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:54.804957Z","receivedAt":"2026-05-15T20:50:54.830110Z"},{"id":2192,"fincertId":"FINCERT-2026-002192","incidentId":13070,"idempotencyKey":"incident-13070","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:54.647446Z","receivedAt":"2026-05-15T20:50:54.661374Z"},{"id":2191,"fincertId":"FINCERT-2026-002191","incidentId":13069,"idempotencyKey":"incident-13069","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:54.620498Z","receivedAt":"2026-05-15T20:50:54.639802Z"},{"id":2190,"fincertId":"FINCERT-2026-002190","incidentId":13066,"idempotencyKey":"incident-13066","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:54.565880Z","receivedAt":"2026-05-15T20:50:54.578345Z"},{"id":2189,"fincertId":"FINCERT-2026-002189","incidentId":13062,"idempotencyKey":"incident-13062","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:54.478905Z","receivedAt":"2026-05-15T20:50:54.504515Z"},{"id":2188,"fincertId":"FINCERT-2026-002188","incidentId":13060,"idempotencyKey":"incident-13060","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:54.421552Z","receivedAt":"2026-05-15T20:50:54.438669Z"},{"id":2187,"fincertId":"FINCERT-2026-002187","incidentId":13055,"idempotencyKey":"incident-13055","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:54.323074Z","receivedAt":"2026-05-15T20:50:54.345863Z"},{"id":2186,"fincertId":"FINCERT-2026-002186","incidentId":13049,"idempotencyKey":"incident-13049","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:54.220652Z","receivedAt":"2026-05-15T20:50:54.236499Z"},{"id":2185,"fincertId":"FINCERT-2026-002185","incidentId":13048,"idempotencyKey":"incident-13048","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:54.188005Z","receivedAt":"2026-05-15T20:50:54.204885Z"},{"id":2184,"fincertId":"FINCERT-2026-002184","incidentId":13043,"idempotencyKey":"incident-13043","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:54.075732Z","receivedAt":"2026-05-15T20:50:54.091551Z"},{"id":2183,"fincertId":"FINCERT-2026-002183","incidentId":13038,"idempotencyKey":"incident-13038","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:53.966775Z","receivedAt":"2026-05-15T20:50:53.988674Z"},{"id":2182,"fincertId":"FINCERT-2026-002182","incidentId":13035,"idempotencyKey":"incident-13035","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:53.903598Z","receivedAt":"2026-05-15T20:50:53.923006Z"},{"id":2181,"fincertId":"FINCERT-2026-002181","incidentId":13034,"idempotencyKey":"incident-13034","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:53.872482Z","receivedAt":"2026-05-15T20:50:53.895514Z"},{"id":2180,"fincertId":"FINCERT-2026-002180","incidentId":13032,"idempotencyKey":"incident-13032","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:53.812392Z","receivedAt":"2026-05-15T20:50:53.838818Z"},{"id":2179,"fincertId":"FINCERT-2026-002179","incidentId":13029,"idempotencyKey":"incident-13029","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:53.731061Z","receivedAt":"2026-05-15T20:50:53.744845Z"},{"id":2178,"fincertId":"FINCERT-2026-002178","incidentId":13028,"idempotencyKey":"incident-13028","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:53.658449Z","receivedAt":"2026-05-15T20:50:53.702949Z"},{"id":2177,"fincertId":"FINCERT-2026-002177","incidentId":13025,"idempotencyKey":"incident-13025","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:53.565405Z","receivedAt":"2026-05-15T20:50:53.578398Z"},{"id":2176,"fincertId":"FINCERT-2026-002176","incidentId":13024,"idempotencyKey":"incident-13024","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:53.539094Z","receivedAt":"2026-05-15T20:50:53.556987Z"},{"id":2175,"fincertId":"FINCERT-2026-002175","incidentId":13020,"idempotencyKey":"incident-13020","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:53.415369Z","receivedAt":"2026-05-15T20:50:53.431929Z"},{"id":2174,"fincertId":"FINCERT-2026-002174","incidentId":13019,"idempotencyKey":"incident-13019","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:53.395322Z","receivedAt":"2026-05-15T20:50:53.408888Z"},{"id":2173,"fincertId":"FINCERT-2026-002173","incidentId":13018,"idempotencyKey":"incident-13018","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:53.371476Z","receivedAt":"2026-05-15T20:50:53.388566Z"},{"id":2172,"fincertId":"FINCERT-2026-002172","incidentId":13017,"idempotencyKey":"incident-13017","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:53.343790Z","receivedAt":"2026-05-15T20:50:53.355877Z"},{"id":2171,"fincertId":"FINCERT-2026-002171","incidentId":13015,"idempotencyKey":"incident-13015","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:53.300778Z","receivedAt":"2026-05-15T20:50:53.315159Z"},{"id":2170,"fincertId":"FINCERT-2026-002170","incidentId":13013,"idempotencyKey":"incident-13013","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:53.259515Z","receivedAt":"2026-05-15T20:50:53.271463Z"},{"id":2169,"fincertId":"FINCERT-2026-002169","incidentId":13010,"idempotencyKey":"incident-13010","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:53.207658Z","receivedAt":"2026-05-15T20:50:53.221522Z"},{"id":2168,"fincertId":"FINCERT-2026-002168","incidentId":13005,"idempotencyKey":"incident-13005","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:53.103067Z","receivedAt":"2026-05-15T20:50:53.124552Z"},{"id":2167,"fincertId":"FINCERT-2026-002167","incidentId":12996,"idempotencyKey":"incident-12996","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:52.896402Z","receivedAt":"2026-05-15T20:50:52.912291Z"},{"id":2166,"fincertId":"FINCERT-2026-002166","incidentId":12984,"idempotencyKey":"incident-12984","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:52.591469Z","receivedAt":"2026-05-15T20:50:52.606119Z"},{"id":2165,"fincertId":"FINCERT-2026-002165","incidentId":12983,"idempotencyKey":"incident-12983","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:52.569992Z","receivedAt":"2026-05-15T20:50:52.583666Z"},{"id":2164,"fincertId":"FINCERT-2026-002164","incidentId":12981,"idempotencyKey":"incident-12981","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:52.522038Z","receivedAt":"2026-05-15T20:50:52.536045Z"},{"id":2163,"fincertId":"FINCERT-2026-002163","incidentId":12972,"idempotencyKey":"incident-12972","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:52.364378Z","receivedAt":"2026-05-15T20:50:52.379559Z"},{"id":2162,"fincertId":"FINCERT-2026-002162","incidentId":12971,"idempotencyKey":"incident-12971","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:52.326241Z","receivedAt":"2026-05-15T20:50:52.348205Z"},{"id":2161,"fincertId":"FINCERT-2026-002161","incidentId":12968,"idempotencyKey":"incident-12968","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:52.265786Z","receivedAt":"2026-05-15T20:50:52.277004Z"},{"id":2160,"fincertId":"FINCERT-2026-002160","incidentId":12965,"idempotencyKey":"incident-12965","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:52.210944Z","receivedAt":"2026-05-15T20:50:52.226825Z"},{"id":2159,"fincertId":"FINCERT-2026-002159","incidentId":12963,"idempotencyKey":"incident-12963","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:52.145492Z","receivedAt":"2026-05-15T20:50:52.185771Z"},{"id":2158,"fincertId":"FINCERT-2026-002158","incidentId":12962,"idempotencyKey":"incident-12962","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:52.101779Z","receivedAt":"2026-05-15T20:50:52.123217Z"},{"id":2157,"fincertId":"FINCERT-2026-002157","incidentId":12954,"idempotencyKey":"incident-12954","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:51.982800Z","receivedAt":"2026-05-15T20:50:51.998053Z"},{"id":2156,"fincertId":"FINCERT-2026-002156","incidentId":12952,"idempotencyKey":"incident-12952","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:51.926906Z","receivedAt":"2026-05-15T20:50:51.940549Z"},{"id":2155,"fincertId":"FINCERT-2026-002155","incidentId":12948,"idempotencyKey":"incident-12948","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:51.834970Z","receivedAt":"2026-05-15T20:50:51.871687Z"},{"id":2154,"fincertId":"FINCERT-2026-002154","incidentId":12941,"idempotencyKey":"incident-12941","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:51.684561Z","receivedAt":"2026-05-15T20:50:51.698424Z"},{"id":2153,"fincertId":"FINCERT-2026-002153","incidentId":12933,"idempotencyKey":"incident-12933","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:51.496015Z","receivedAt":"2026-05-15T20:50:51.520116Z"},{"id":2152,"fincertId":"FINCERT-2026-002152","incidentId":12923,"idempotencyKey":"incident-12923","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:51.214892Z","receivedAt":"2026-05-15T20:50:51.234024Z"},{"id":2151,"fincertId":"FINCERT-2026-002151","incidentId":12921,"idempotencyKey":"incident-12921","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:51.170582Z","receivedAt":"2026-05-15T20:50:51.189426Z"},{"id":2150,"fincertId":"FINCERT-2026-002150","incidentId":12919,"idempotencyKey":"incident-12919","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:51.076988Z","receivedAt":"2026-05-15T20:50:51.093162Z"},{"id":2149,"fincertId":"FINCERT-2026-002149","incidentId":12917,"idempotencyKey":"incident-12917","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:51.026284Z","receivedAt":"2026-05-15T20:50:51.043791Z"},{"id":2148,"fincertId":"FINCERT-2026-002148","incidentId":12912,"idempotencyKey":"incident-12912","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:50.821040Z","receivedAt":"2026-05-15T20:50:50.847571Z"},{"id":2147,"fincertId":"FINCERT-2026-002147","incidentId":12899,"idempotencyKey":"incident-12899","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:50.429686Z","receivedAt":"2026-05-15T20:50:50.443918Z"},{"id":2146,"fincertId":"FINCERT-2026-002146","incidentId":12897,"idempotencyKey":"incident-12897","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:50.395495Z","receivedAt":"2026-05-15T20:50:50.407679Z"},{"id":2145,"fincertId":"FINCERT-2026-002145","incidentId":12894,"idempotencyKey":"incident-12894","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:50.330042Z","receivedAt":"2026-05-15T20:50:50.353798Z"},{"id":2144,"fincertId":"FINCERT-2026-002144","incidentId":12891,"idempotencyKey":"incident-12891","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:50.262810Z","receivedAt":"2026-05-15T20:50:50.276854Z"},{"id":2143,"fincertId":"FINCERT-2026-002143","incidentId":12889,"idempotencyKey":"incident-12889","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:50.229925Z","receivedAt":"2026-05-15T20:50:50.242141Z"},{"id":2142,"fincertId":"FINCERT-2026-002142","incidentId":12888,"idempotencyKey":"incident-12888","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:50.209564Z","receivedAt":"2026-05-15T20:50:50.222877Z"},{"id":2141,"fincertId":"FINCERT-2026-002141","incidentId":12886,"idempotencyKey":"incident-12886","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:50.177391Z","receivedAt":"2026-05-15T20:50:50.189927Z"},{"id":2140,"fincertId":"FINCERT-2026-002140","incidentId":12885,"idempotencyKey":"incident-12885","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:50.132766Z","receivedAt":"2026-05-15T20:50:50.159569Z"},{"id":2139,"fincertId":"FINCERT-2026-002139","incidentId":12884,"idempotencyKey":"incident-12884","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:50.101415Z","receivedAt":"2026-05-15T20:50:50.119837Z"},{"id":2138,"fincertId":"FINCERT-2026-002138","incidentId":12883,"idempotencyKey":"incident-12883","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:50.082588Z","receivedAt":"2026-05-15T20:50:50.094753Z"},{"id":2137,"fincertId":"FINCERT-2026-002137","incidentId":12882,"idempotencyKey":"incident-12882","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:50.063964Z","receivedAt":"2026-05-15T20:50:50.076086Z"},{"id":2136,"fincertId":"FINCERT-2026-002136","incidentId":12874,"idempotencyKey":"incident-12874","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:49.934559Z","receivedAt":"2026-05-15T20:50:49.945567Z"},{"id":2135,"fincertId":"FINCERT-2026-002135","incidentId":12872,"idempotencyKey":"incident-12872","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:49.894562Z","receivedAt":"2026-05-15T20:50:49.906019Z"},{"id":2134,"fincertId":"FINCERT-2026-002134","incidentId":12869,"idempotencyKey":"incident-12869","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:49.840982Z","receivedAt":"2026-05-15T20:50:49.861960Z"},{"id":2133,"fincertId":"FINCERT-2026-002133","incidentId":12855,"idempotencyKey":"incident-12855","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:49.573095Z","receivedAt":"2026-05-15T20:50:49.585428Z"},{"id":2132,"fincertId":"FINCERT-2026-002132","incidentId":12854,"idempotencyKey":"incident-12854","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:49.546566Z","receivedAt":"2026-05-15T20:50:49.564337Z"},{"id":2131,"fincertId":"FINCERT-2026-002131","incidentId":12850,"idempotencyKey":"incident-12850","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:49.457535Z","receivedAt":"2026-05-15T20:50:49.487557Z"},{"id":2130,"fincertId":"FINCERT-2026-002130","incidentId":12847,"idempotencyKey":"incident-12847","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:49.405143Z","receivedAt":"2026-05-15T20:50:49.419883Z"},{"id":2129,"fincertId":"FINCERT-2026-002129","incidentId":12843,"idempotencyKey":"incident-12843","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:49.300921Z","receivedAt":"2026-05-15T20:50:49.327783Z"},{"id":2128,"fincertId":"FINCERT-2026-002128","incidentId":12842,"idempotencyKey":"incident-12842","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:49.280582Z","receivedAt":"2026-05-15T20:50:49.293669Z"},{"id":2127,"fincertId":"FINCERT-2026-002127","incidentId":12841,"idempotencyKey":"incident-12841","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:49.253913Z","receivedAt":"2026-05-15T20:50:49.264517Z"},{"id":2126,"fincertId":"FINCERT-2026-002126","incidentId":12840,"idempotencyKey":"incident-12840","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:49.217819Z","receivedAt":"2026-05-15T20:50:49.232128Z"},{"id":2125,"fincertId":"FINCERT-2026-002125","incidentId":12829,"idempotencyKey":"incident-12829","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:48.963507Z","receivedAt":"2026-05-15T20:50:48.995122Z"},{"id":2124,"fincertId":"FINCERT-2026-002124","incidentId":12825,"idempotencyKey":"incident-12825","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:48.886494Z","receivedAt":"2026-05-15T20:50:48.904103Z"},{"id":2123,"fincertId":"FINCERT-2026-002123","incidentId":12824,"idempotencyKey":"incident-12824","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:48.854138Z","receivedAt":"2026-05-15T20:50:48.872620Z"},{"id":2122,"fincertId":"FINCERT-2026-002122","incidentId":12821,"idempotencyKey":"incident-12821","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:48.779925Z","receivedAt":"2026-05-15T20:50:48.792945Z"},{"id":2121,"fincertId":"FINCERT-2026-002121","incidentId":12819,"idempotencyKey":"incident-12819","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:48.723500Z","receivedAt":"2026-05-15T20:50:48.738674Z"},{"id":2120,"fincertId":"FINCERT-2026-002120","incidentId":12817,"idempotencyKey":"incident-12817","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:48.670981Z","receivedAt":"2026-05-15T20:50:48.690714Z"},{"id":2119,"fincertId":"FINCERT-2026-002119","incidentId":12812,"idempotencyKey":"incident-12812","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:48.551872Z","receivedAt":"2026-05-15T20:50:48.564916Z"},{"id":2118,"fincertId":"FINCERT-2026-002118","incidentId":12810,"idempotencyKey":"incident-12810","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:48.511191Z","receivedAt":"2026-05-15T20:50:48.524153Z"},{"id":2117,"fincertId":"FINCERT-2026-002117","incidentId":12809,"idempotencyKey":"incident-12809","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:48.488632Z","receivedAt":"2026-05-15T20:50:48.502853Z"},{"id":2116,"fincertId":"FINCERT-2026-002116","incidentId":12807,"idempotencyKey":"incident-12807","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:48.442744Z","receivedAt":"2026-05-15T20:50:48.462609Z"},{"id":2115,"fincertId":"FINCERT-2026-002115","incidentId":12800,"idempotencyKey":"incident-12800","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:48.325856Z","receivedAt":"2026-05-15T20:50:48.344966Z"},{"id":2114,"fincertId":"FINCERT-2026-002114","incidentId":12795,"idempotencyKey":"incident-12795","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:48.203978Z","receivedAt":"2026-05-15T20:50:48.223621Z"},{"id":2113,"fincertId":"FINCERT-2026-002113","incidentId":12793,"idempotencyKey":"incident-12793","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:48.148904Z","receivedAt":"2026-05-15T20:50:48.176006Z"},{"id":2112,"fincertId":"FINCERT-2026-002112","incidentId":12790,"idempotencyKey":"incident-12790","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:48.027952Z","receivedAt":"2026-05-15T20:50:48.051286Z"},{"id":2111,"fincertId":"FINCERT-2026-002111","incidentId":12787,"idempotencyKey":"incident-12787","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:47.919155Z","receivedAt":"2026-05-15T20:50:47.941127Z"},{"id":2110,"fincertId":"FINCERT-2026-002110","incidentId":12781,"idempotencyKey":"incident-12781","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:47.463736Z","receivedAt":"2026-05-15T20:50:47.487322Z"},{"id":2109,"fincertId":"FINCERT-2026-002109","incidentId":12780,"idempotencyKey":"incident-12780","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:47.419020Z","receivedAt":"2026-05-15T20:50:47.446597Z"},{"id":2108,"fincertId":"FINCERT-2026-002108","incidentId":12779,"idempotencyKey":"incident-12779","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:47.377223Z","receivedAt":"2026-05-15T20:50:47.405510Z"},{"id":2107,"fincertId":"FINCERT-2026-002107","incidentId":12775,"idempotencyKey":"incident-12775","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:47.220883Z","receivedAt":"2026-05-15T20:50:47.253462Z"},{"id":2106,"fincertId":"FINCERT-2026-002106","incidentId":12771,"idempotencyKey":"incident-12771","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:47.043753Z","receivedAt":"2026-05-15T20:50:47.096607Z"},{"id":2105,"fincertId":"FINCERT-2026-002105","incidentId":12768,"idempotencyKey":"incident-12768","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:46.926979Z","receivedAt":"2026-05-15T20:50:46.961139Z"},{"id":2104,"fincertId":"FINCERT-2026-002104","incidentId":12764,"idempotencyKey":"incident-12764","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:46.790454Z","receivedAt":"2026-05-15T20:50:46.825108Z"},{"id":2103,"fincertId":"FINCERT-2026-002103","incidentId":12760,"idempotencyKey":"incident-12760","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:46.678791Z","receivedAt":"2026-05-15T20:50:46.695837Z"},{"id":2102,"fincertId":"FINCERT-2026-002102","incidentId":12756,"idempotencyKey":"incident-12756","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:46.575869Z","receivedAt":"2026-05-15T20:50:46.595646Z"},{"id":2101,"fincertId":"FINCERT-2026-002101","incidentId":12753,"idempotencyKey":"incident-12753","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:46.505957Z","receivedAt":"2026-05-15T20:50:46.518848Z"},{"id":2100,"fincertId":"FINCERT-2026-002100","incidentId":12752,"idempotencyKey":"incident-12752","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:46.480189Z","receivedAt":"2026-05-15T20:50:46.498654Z"},{"id":2099,"fincertId":"FINCERT-2026-002099","incidentId":12750,"idempotencyKey":"incident-12750","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:46.439447Z","receivedAt":"2026-05-15T20:50:46.455009Z"},{"id":2098,"fincertId":"FINCERT-2026-002098","incidentId":12749,"idempotencyKey":"incident-12749","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:46.411593Z","receivedAt":"2026-05-15T20:50:46.423902Z"},{"id":2097,"fincertId":"FINCERT-2026-002097","incidentId":12746,"idempotencyKey":"incident-12746","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:46.356042Z","receivedAt":"2026-05-15T20:50:46.367659Z"},{"id":2096,"fincertId":"FINCERT-2026-002096","incidentId":12745,"idempotencyKey":"incident-12745","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:46.335732Z","receivedAt":"2026-05-15T20:50:46.348927Z"},{"id":2095,"fincertId":"FINCERT-2026-002095","incidentId":12743,"idempotencyKey":"incident-12743","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:46.294034Z","receivedAt":"2026-05-15T20:50:46.309700Z"},{"id":2094,"fincertId":"FINCERT-2026-002094","incidentId":12730,"idempotencyKey":"incident-12730","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:46.060056Z","receivedAt":"2026-05-15T20:50:46.073004Z"},{"id":2093,"fincertId":"FINCERT-2026-002093","incidentId":12727,"idempotencyKey":"incident-12727","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:46.008431Z","receivedAt":"2026-05-15T20:50:46.021889Z"},{"id":2092,"fincertId":"FINCERT-2026-002092","incidentId":12724,"idempotencyKey":"incident-12724","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:45.956660Z","receivedAt":"2026-05-15T20:50:45.969518Z"},{"id":2091,"fincertId":"FINCERT-2026-002091","incidentId":12723,"idempotencyKey":"incident-12723","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:45.936410Z","receivedAt":"2026-05-15T20:50:45.950136Z"},{"id":2090,"fincertId":"FINCERT-2026-002090","incidentId":12717,"idempotencyKey":"incident-12717","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:45.825948Z","receivedAt":"2026-05-15T20:50:45.840157Z"},{"id":2089,"fincertId":"FINCERT-2026-002089","incidentId":12716,"idempotencyKey":"incident-12716","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:45.802496Z","receivedAt":"2026-05-15T20:50:45.815764Z"},{"id":2088,"fincertId":"FINCERT-2026-002088","incidentId":12709,"idempotencyKey":"incident-12709","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:45.647053Z","receivedAt":"2026-05-15T20:50:45.675120Z"},{"id":2087,"fincertId":"FINCERT-2026-002087","incidentId":12706,"idempotencyKey":"incident-12706","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:45.525600Z","receivedAt":"2026-05-15T20:50:45.551538Z"},{"id":2086,"fincertId":"FINCERT-2026-002086","incidentId":12704,"idempotencyKey":"incident-12704","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:45.453823Z","receivedAt":"2026-05-15T20:50:45.477673Z"},{"id":2085,"fincertId":"FINCERT-2026-002085","incidentId":12696,"idempotencyKey":"incident-12696","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:45.262011Z","receivedAt":"2026-05-15T20:50:45.278102Z"},{"id":2084,"fincertId":"FINCERT-2026-002084","incidentId":12694,"idempotencyKey":"incident-12694","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:45.219966Z","receivedAt":"2026-05-15T20:50:45.237734Z"},{"id":2083,"fincertId":"FINCERT-2026-002083","incidentId":12691,"idempotencyKey":"incident-12691","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:45.153376Z","receivedAt":"2026-05-15T20:50:45.174790Z"},{"id":2082,"fincertId":"FINCERT-2026-002082","incidentId":12689,"idempotencyKey":"incident-12689","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:45.099641Z","receivedAt":"2026-05-15T20:50:45.116995Z"},{"id":2081,"fincertId":"FINCERT-2026-002081","incidentId":12687,"idempotencyKey":"incident-12687","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:45.053057Z","receivedAt":"2026-05-15T20:50:45.066356Z"},{"id":2080,"fincertId":"FINCERT-2026-002080","incidentId":12684,"idempotencyKey":"incident-12684","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:44.990958Z","receivedAt":"2026-05-15T20:50:45.015616Z"},{"id":2079,"fincertId":"FINCERT-2026-002079","incidentId":12682,"idempotencyKey":"incident-12682","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:44.944269Z","receivedAt":"2026-05-15T20:50:44.961006Z"},{"id":2078,"fincertId":"FINCERT-2026-002078","incidentId":12678,"idempotencyKey":"incident-12678","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:44.885702Z","receivedAt":"2026-05-15T20:50:44.896289Z"},{"id":2077,"fincertId":"FINCERT-2026-002077","incidentId":12675,"idempotencyKey":"incident-12675","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:44.814368Z","receivedAt":"2026-05-15T20:50:44.830197Z"},{"id":2076,"fincertId":"FINCERT-2026-002076","incidentId":12670,"idempotencyKey":"incident-12670","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:44.706157Z","receivedAt":"2026-05-15T20:50:44.718787Z"},{"id":2075,"fincertId":"FINCERT-2026-002075","incidentId":12663,"idempotencyKey":"incident-12663","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:44.584366Z","receivedAt":"2026-05-15T20:50:44.596455Z"},{"id":2074,"fincertId":"FINCERT-2026-002074","incidentId":12655,"idempotencyKey":"incident-12655","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:44.443634Z","receivedAt":"2026-05-15T20:50:44.457284Z"},{"id":2073,"fincertId":"FINCERT-2026-002073","incidentId":12651,"idempotencyKey":"incident-12651","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:44.388131Z","receivedAt":"2026-05-15T20:50:44.399882Z"},{"id":2072,"fincertId":"FINCERT-2026-002072","incidentId":12650,"idempotencyKey":"incident-12650","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:44.371204Z","receivedAt":"2026-05-15T20:50:44.381447Z"},{"id":2071,"fincertId":"FINCERT-2026-002071","incidentId":12642,"idempotencyKey":"incident-12642","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:44.233459Z","receivedAt":"2026-05-15T20:50:44.247880Z"},{"id":2070,"fincertId":"FINCERT-2026-002070","incidentId":12637,"idempotencyKey":"incident-12637","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:44.152617Z","receivedAt":"2026-05-15T20:50:44.165672Z"},{"id":2069,"fincertId":"FINCERT-2026-002069","incidentId":12634,"idempotencyKey":"incident-12634","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:44.090995Z","receivedAt":"2026-05-15T20:50:44.103666Z"},{"id":2068,"fincertId":"FINCERT-2026-002068","incidentId":12632,"idempotencyKey":"incident-12632","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:44.051222Z","receivedAt":"2026-05-15T20:50:44.067080Z"},{"id":2067,"fincertId":"FINCERT-2026-002067","incidentId":12628,"idempotencyKey":"incident-12628","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:43.947139Z","receivedAt":"2026-05-15T20:50:43.962415Z"},{"id":2066,"fincertId":"FINCERT-2026-002066","incidentId":12618,"idempotencyKey":"incident-12618","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:43.770846Z","receivedAt":"2026-05-15T20:50:43.783635Z"},{"id":2065,"fincertId":"FINCERT-2026-002065","incidentId":12616,"idempotencyKey":"incident-12616","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:43.737790Z","receivedAt":"2026-05-15T20:50:43.749792Z"},{"id":2064,"fincertId":"FINCERT-2026-002064","incidentId":12614,"idempotencyKey":"incident-12614","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:43.697437Z","receivedAt":"2026-05-15T20:50:43.708831Z"},{"id":2063,"fincertId":"FINCERT-2026-002063","incidentId":12613,"idempotencyKey":"incident-12613","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:43.675585Z","receivedAt":"2026-05-15T20:50:43.690988Z"},{"id":2062,"fincertId":"FINCERT-2026-002062","incidentId":12608,"idempotencyKey":"incident-12608","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:43.563775Z","receivedAt":"2026-05-15T20:50:43.574691Z"},{"id":2061,"fincertId":"FINCERT-2026-002061","incidentId":12607,"idempotencyKey":"incident-12607","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:43.537784Z","receivedAt":"2026-05-15T20:50:43.549390Z"},{"id":2060,"fincertId":"FINCERT-2026-002060","incidentId":12604,"idempotencyKey":"incident-12604","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:43.460541Z","receivedAt":"2026-05-15T20:50:43.490684Z"},{"id":2059,"fincertId":"FINCERT-2026-002059","incidentId":12601,"idempotencyKey":"incident-12601","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:43.395548Z","receivedAt":"2026-05-15T20:50:43.414684Z"},{"id":2058,"fincertId":"FINCERT-2026-002058","incidentId":12599,"idempotencyKey":"incident-12599","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:43.328734Z","receivedAt":"2026-05-15T20:50:43.349942Z"},{"id":2057,"fincertId":"FINCERT-2026-002057","incidentId":12595,"idempotencyKey":"incident-12595","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:43.255820Z","receivedAt":"2026-05-15T20:50:43.267266Z"},{"id":2056,"fincertId":"FINCERT-2026-002056","incidentId":12588,"idempotencyKey":"incident-12588","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:43.111356Z","receivedAt":"2026-05-15T20:50:43.128658Z"},{"id":2055,"fincertId":"FINCERT-2026-002055","incidentId":12585,"idempotencyKey":"incident-12585","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:43.059602Z","receivedAt":"2026-05-15T20:50:43.074812Z"},{"id":2054,"fincertId":"FINCERT-2026-002054","incidentId":12578,"idempotencyKey":"incident-12578","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:42.916693Z","receivedAt":"2026-05-15T20:50:42.932529Z"},{"id":2053,"fincertId":"FINCERT-2026-002053","incidentId":12570,"idempotencyKey":"incident-12570","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:42.774526Z","receivedAt":"2026-05-15T20:50:42.788429Z"},{"id":2052,"fincertId":"FINCERT-2026-002052","incidentId":12568,"idempotencyKey":"incident-12568","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:42.734635Z","receivedAt":"2026-05-15T20:50:42.747907Z"},{"id":2051,"fincertId":"FINCERT-2026-002051","incidentId":12565,"idempotencyKey":"incident-12565","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:42.619738Z","receivedAt":"2026-05-15T20:50:42.651693Z"},{"id":2050,"fincertId":"FINCERT-2026-002050","incidentId":12564,"idempotencyKey":"incident-12564","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:42.587894Z","receivedAt":"2026-05-15T20:50:42.604963Z"},{"id":2049,"fincertId":"FINCERT-2026-002049","incidentId":12561,"idempotencyKey":"incident-12561","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:42.486760Z","receivedAt":"2026-05-15T20:50:42.521527Z"},{"id":2048,"fincertId":"FINCERT-2026-002048","incidentId":12560,"idempotencyKey":"incident-12560","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:42.450756Z","receivedAt":"2026-05-15T20:50:42.466021Z"},{"id":2047,"fincertId":"FINCERT-2026-002047","incidentId":12558,"idempotencyKey":"incident-12558","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:42.399501Z","receivedAt":"2026-05-15T20:50:42.413767Z"},{"id":2046,"fincertId":"FINCERT-2026-002046","incidentId":12555,"idempotencyKey":"incident-12555","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:42.336932Z","receivedAt":"2026-05-15T20:50:42.354305Z"},{"id":2045,"fincertId":"FINCERT-2026-002045","incidentId":12553,"idempotencyKey":"incident-12553","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:42.288906Z","receivedAt":"2026-05-15T20:50:42.300894Z"},{"id":2044,"fincertId":"FINCERT-2026-002044","incidentId":12551,"idempotencyKey":"incident-12551","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:42.255671Z","receivedAt":"2026-05-15T20:50:42.267464Z"},{"id":2043,"fincertId":"FINCERT-2026-002043","incidentId":12550,"idempotencyKey":"incident-12550","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:42.232222Z","receivedAt":"2026-05-15T20:50:42.246100Z"},{"id":2042,"fincertId":"FINCERT-2026-002042","incidentId":12549,"idempotencyKey":"incident-12549","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:42.210962Z","receivedAt":"2026-05-15T20:50:42.224058Z"},{"id":2041,"fincertId":"FINCERT-2026-002041","incidentId":12547,"idempotencyKey":"incident-12547","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:42.165224Z","receivedAt":"2026-05-15T20:50:42.182840Z"},{"id":2040,"fincertId":"FINCERT-2026-002040","incidentId":12546,"idempotencyKey":"incident-12546","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:42.142189Z","receivedAt":"2026-05-15T20:50:42.157503Z"},{"id":2039,"fincertId":"FINCERT-2026-002039","incidentId":12545,"idempotencyKey":"incident-12545","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:42.112865Z","receivedAt":"2026-05-15T20:50:42.128717Z"},{"id":2038,"fincertId":"FINCERT-2026-002038","incidentId":12543,"idempotencyKey":"incident-12543","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:42.076843Z","receivedAt":"2026-05-15T20:50:42.089826Z"},{"id":2037,"fincertId":"FINCERT-2026-002037","incidentId":12540,"idempotencyKey":"incident-12540","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:42.028151Z","receivedAt":"2026-05-15T20:50:42.040799Z"},{"id":2036,"fincertId":"FINCERT-2026-002036","incidentId":12538,"idempotencyKey":"incident-12538","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:41.935632Z","receivedAt":"2026-05-15T20:50:41.965630Z"},{"id":2035,"fincertId":"FINCERT-2026-002035","incidentId":12535,"idempotencyKey":"incident-12535","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:41.879777Z","receivedAt":"2026-05-15T20:50:41.890520Z"},{"id":2034,"fincertId":"FINCERT-2026-002034","incidentId":12534,"idempotencyKey":"incident-12534","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:41.854688Z","receivedAt":"2026-05-15T20:50:41.872848Z"},{"id":2033,"fincertId":"FINCERT-2026-002033","incidentId":12527,"idempotencyKey":"incident-12527","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:41.724091Z","receivedAt":"2026-05-15T20:50:41.735282Z"},{"id":2032,"fincertId":"FINCERT-2026-002032","incidentId":12525,"idempotencyKey":"incident-12525","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:41.693334Z","receivedAt":"2026-05-15T20:50:41.703276Z"},{"id":2031,"fincertId":"FINCERT-2026-002031","incidentId":12522,"idempotencyKey":"incident-12522","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:41.626213Z","receivedAt":"2026-05-15T20:50:41.653491Z"},{"id":2030,"fincertId":"FINCERT-2026-002030","incidentId":12521,"idempotencyKey":"incident-12521","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:41.597514Z","receivedAt":"2026-05-15T20:50:41.616593Z"},{"id":2029,"fincertId":"FINCERT-2026-002029","incidentId":12519,"idempotencyKey":"incident-12519","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:41.561779Z","receivedAt":"2026-05-15T20:50:41.576356Z"},{"id":2028,"fincertId":"FINCERT-2026-002028","incidentId":12511,"idempotencyKey":"incident-12511","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:41.409645Z","receivedAt":"2026-05-15T20:50:41.422641Z"},{"id":2027,"fincertId":"FINCERT-2026-002027","incidentId":12507,"idempotencyKey":"incident-12507","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:41.322730Z","receivedAt":"2026-05-15T20:50:41.345891Z"},{"id":2026,"fincertId":"FINCERT-2026-002026","incidentId":12506,"idempotencyKey":"incident-12506","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:41.297435Z","receivedAt":"2026-05-15T20:50:41.313109Z"},{"id":2025,"fincertId":"FINCERT-2026-002025","incidentId":12505,"idempotencyKey":"incident-12505","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:41.270976Z","receivedAt":"2026-05-15T20:50:41.282544Z"},{"id":2024,"fincertId":"FINCERT-2026-002024","incidentId":12500,"idempotencyKey":"incident-12500","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:41.188346Z","receivedAt":"2026-05-15T20:50:41.200737Z"},{"id":2023,"fincertId":"FINCERT-2026-002023","incidentId":12499,"idempotencyKey":"incident-12499","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:41.170918Z","receivedAt":"2026-05-15T20:50:41.182283Z"},{"id":2022,"fincertId":"FINCERT-2026-002022","incidentId":12498,"idempotencyKey":"incident-12498","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:41.142234Z","receivedAt":"2026-05-15T20:50:41.164137Z"},{"id":2021,"fincertId":"FINCERT-2026-002021","incidentId":12497,"idempotencyKey":"incident-12497","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:41.108836Z","receivedAt":"2026-05-15T20:50:41.127127Z"},{"id":2020,"fincertId":"FINCERT-2026-002020","incidentId":12491,"idempotencyKey":"incident-12491","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:41.012416Z","receivedAt":"2026-05-15T20:50:41.029801Z"},{"id":2019,"fincertId":"FINCERT-2026-002019","incidentId":12488,"idempotencyKey":"incident-12488","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:40.917350Z","receivedAt":"2026-05-15T20:50:40.932274Z"},{"id":2018,"fincertId":"FINCERT-2026-002018","incidentId":12486,"idempotencyKey":"incident-12486","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:40.872401Z","receivedAt":"2026-05-15T20:50:40.893154Z"},{"id":2017,"fincertId":"FINCERT-2026-002017","incidentId":12473,"idempotencyKey":"incident-12473","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:40.634153Z","receivedAt":"2026-05-15T20:50:40.654939Z"},{"id":2016,"fincertId":"FINCERT-2026-002016","incidentId":12471,"idempotencyKey":"incident-12471","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:40.580991Z","receivedAt":"2026-05-15T20:50:40.599372Z"},{"id":2015,"fincertId":"FINCERT-2026-002015","incidentId":12468,"idempotencyKey":"incident-12468","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:40.506540Z","receivedAt":"2026-05-15T20:50:40.527522Z"},{"id":2014,"fincertId":"FINCERT-2026-002014","incidentId":12465,"idempotencyKey":"incident-12465","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:40.408813Z","receivedAt":"2026-05-15T20:50:40.422516Z"},{"id":2013,"fincertId":"FINCERT-2026-002013","incidentId":12463,"idempotencyKey":"incident-12463","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:40.357326Z","receivedAt":"2026-05-15T20:50:40.374781Z"},{"id":2012,"fincertId":"FINCERT-2026-002012","incidentId":12461,"idempotencyKey":"incident-12461","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:40.307664Z","receivedAt":"2026-05-15T20:50:40.328739Z"},{"id":2011,"fincertId":"FINCERT-2026-002011","incidentId":12458,"idempotencyKey":"incident-12458","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:40.251330Z","receivedAt":"2026-05-15T20:50:40.267899Z"},{"id":2010,"fincertId":"FINCERT-2026-002010","incidentId":12457,"idempotencyKey":"incident-12457","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:40.216141Z","receivedAt":"2026-05-15T20:50:40.235850Z"},{"id":2009,"fincertId":"FINCERT-2026-002009","incidentId":12455,"idempotencyKey":"incident-12455","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:40.144853Z","receivedAt":"2026-05-15T20:50:40.181889Z"},{"id":2008,"fincertId":"FINCERT-2026-002008","incidentId":12454,"idempotencyKey":"incident-12454","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:40.086579Z","receivedAt":"2026-05-15T20:50:40.101120Z"},{"id":2007,"fincertId":"FINCERT-2026-002007","incidentId":12447,"idempotencyKey":"incident-12447","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:39.862351Z","receivedAt":"2026-05-15T20:50:39.891398Z"},{"id":2006,"fincertId":"FINCERT-2026-002006","incidentId":12445,"idempotencyKey":"incident-12445","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:39.788934Z","receivedAt":"2026-05-15T20:50:39.814886Z"},{"id":2005,"fincertId":"FINCERT-2026-002005","incidentId":12444,"idempotencyKey":"incident-12444","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:39.746572Z","receivedAt":"2026-05-15T20:50:39.775622Z"},{"id":2004,"fincertId":"FINCERT-2026-002004","incidentId":12440,"idempotencyKey":"incident-12440","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:39.662440Z","receivedAt":"2026-05-15T20:50:39.674799Z"},{"id":2003,"fincertId":"FINCERT-2026-002003","incidentId":12433,"idempotencyKey":"incident-12433","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:39.519477Z","receivedAt":"2026-05-15T20:50:39.538767Z"},{"id":2002,"fincertId":"FINCERT-2026-002002","incidentId":12428,"idempotencyKey":"incident-12428","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:39.386108Z","receivedAt":"2026-05-15T20:50:39.399803Z"},{"id":2001,"fincertId":"FINCERT-2026-002001","incidentId":12427,"idempotencyKey":"incident-12427","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:39.344949Z","receivedAt":"2026-05-15T20:50:39.369326Z"},{"id":2000,"fincertId":"FINCERT-2026-002000","incidentId":12424,"idempotencyKey":"incident-12424","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:39.263814Z","receivedAt":"2026-05-15T20:50:39.282466Z"},{"id":1999,"fincertId":"FINCERT-2026-001999","incidentId":12423,"idempotencyKey":"incident-12423","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:39.231827Z","receivedAt":"2026-05-15T20:50:39.247697Z"},{"id":1998,"fincertId":"FINCERT-2026-001998","incidentId":12414,"idempotencyKey":"incident-12414","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:39.039034Z","receivedAt":"2026-05-15T20:50:39.053110Z"},{"id":1997,"fincertId":"FINCERT-2026-001997","incidentId":12413,"idempotencyKey":"incident-12413","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:39.020005Z","receivedAt":"2026-05-15T20:50:39.031477Z"},{"id":1996,"fincertId":"FINCERT-2026-001996","incidentId":12411,"idempotencyKey":"incident-12411","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:38.983608Z","receivedAt":"2026-05-15T20:50:39.000910Z"},{"id":1995,"fincertId":"FINCERT-2026-001995","incidentId":12405,"idempotencyKey":"incident-12405","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:38.874093Z","receivedAt":"2026-05-15T20:50:38.890044Z"},{"id":1994,"fincertId":"FINCERT-2026-001994","incidentId":12404,"idempotencyKey":"incident-12404","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:38.844122Z","receivedAt":"2026-05-15T20:50:38.864885Z"},{"id":1993,"fincertId":"FINCERT-2026-001993","incidentId":12401,"idempotencyKey":"incident-12401","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:38.768360Z","receivedAt":"2026-05-15T20:50:38.784694Z"},{"id":1992,"fincertId":"FINCERT-2026-001992","incidentId":12393,"idempotencyKey":"incident-12393","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:38.621510Z","receivedAt":"2026-05-15T20:50:38.643939Z"},{"id":1991,"fincertId":"FINCERT-2026-001991","incidentId":12391,"idempotencyKey":"incident-12391","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:38.573737Z","receivedAt":"2026-05-15T20:50:38.586627Z"},{"id":1990,"fincertId":"FINCERT-2026-001990","incidentId":12383,"idempotencyKey":"incident-12383","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:38.396644Z","receivedAt":"2026-05-15T20:50:38.412584Z"},{"id":1989,"fincertId":"FINCERT-2026-001989","incidentId":12381,"idempotencyKey":"incident-12381","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:38.336156Z","receivedAt":"2026-05-15T20:50:38.358072Z"},{"id":1988,"fincertId":"FINCERT-2026-001988","incidentId":12379,"idempotencyKey":"incident-12379","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:38.285056Z","receivedAt":"2026-05-15T20:50:38.297044Z"},{"id":1987,"fincertId":"FINCERT-2026-001987","incidentId":12374,"idempotencyKey":"incident-12374","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:38.202479Z","receivedAt":"2026-05-15T20:50:38.216712Z"},{"id":1986,"fincertId":"FINCERT-2026-001986","incidentId":12373,"idempotencyKey":"incident-12373","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:38.183620Z","receivedAt":"2026-05-15T20:50:38.195111Z"},{"id":1985,"fincertId":"FINCERT-2026-001985","incidentId":12371,"idempotencyKey":"incident-12371","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:38.148723Z","receivedAt":"2026-05-15T20:50:38.162663Z"},{"id":1984,"fincertId":"FINCERT-2026-001984","incidentId":12370,"idempotencyKey":"incident-12370","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:38.123861Z","receivedAt":"2026-05-15T20:50:38.140444Z"},{"id":1983,"fincertId":"FINCERT-2026-001983","incidentId":12368,"idempotencyKey":"incident-12368","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:38.076501Z","receivedAt":"2026-05-15T20:50:38.089212Z"},{"id":1982,"fincertId":"FINCERT-2026-001982","incidentId":12363,"idempotencyKey":"incident-12363","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:37.978348Z","receivedAt":"2026-05-15T20:50:38.000818Z"},{"id":1981,"fincertId":"FINCERT-2026-001981","incidentId":12360,"idempotencyKey":"incident-12360","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:37.916211Z","receivedAt":"2026-05-15T20:50:37.928961Z"},{"id":1980,"fincertId":"FINCERT-2026-001980","incidentId":12359,"idempotencyKey":"incident-12359","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:37.897340Z","receivedAt":"2026-05-15T20:50:37.909159Z"},{"id":1979,"fincertId":"FINCERT-2026-001979","incidentId":12345,"idempotencyKey":"incident-12345","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:37.642205Z","receivedAt":"2026-05-15T20:50:37.655046Z"},{"id":1978,"fincertId":"FINCERT-2026-001978","incidentId":12343,"idempotencyKey":"incident-12343","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:37.601422Z","receivedAt":"2026-05-15T20:50:37.615824Z"},{"id":1977,"fincertId":"FINCERT-2026-001977","incidentId":12341,"idempotencyKey":"incident-12341","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:37.560709Z","receivedAt":"2026-05-15T20:50:37.572943Z"},{"id":1976,"fincertId":"FINCERT-2026-001976","incidentId":12340,"idempotencyKey":"incident-12340","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:37.533462Z","receivedAt":"2026-05-15T20:50:37.546418Z"},{"id":1975,"fincertId":"FINCERT-2026-001975","incidentId":12334,"idempotencyKey":"incident-12334","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:37.403939Z","receivedAt":"2026-05-15T20:50:37.420209Z"},{"id":1974,"fincertId":"FINCERT-2026-001974","incidentId":12327,"idempotencyKey":"incident-12327","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:37.249350Z","receivedAt":"2026-05-15T20:50:37.263105Z"},{"id":1973,"fincertId":"FINCERT-2026-001973","incidentId":12323,"idempotencyKey":"incident-12323","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:37.181518Z","receivedAt":"2026-05-15T20:50:37.194544Z"},{"id":1972,"fincertId":"FINCERT-2026-001972","incidentId":12322,"idempotencyKey":"incident-12322","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:37.161445Z","receivedAt":"2026-05-15T20:50:37.174511Z"},{"id":1971,"fincertId":"FINCERT-2026-001971","incidentId":12317,"idempotencyKey":"incident-12317","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:37.046458Z","receivedAt":"2026-05-15T20:50:37.063798Z"},{"id":1970,"fincertId":"FINCERT-2026-001970","incidentId":12314,"idempotencyKey":"incident-12314","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:36.988067Z","receivedAt":"2026-05-15T20:50:37.000964Z"},{"id":1969,"fincertId":"FINCERT-2026-001969","incidentId":12313,"idempotencyKey":"incident-12313","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:36.967010Z","receivedAt":"2026-05-15T20:50:36.981288Z"},{"id":1968,"fincertId":"FINCERT-2026-001968","incidentId":12304,"idempotencyKey":"incident-12304","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:36.676091Z","receivedAt":"2026-05-15T20:50:36.689862Z"},{"id":1967,"fincertId":"FINCERT-2026-001967","incidentId":12298,"idempotencyKey":"incident-12298","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:36.517788Z","receivedAt":"2026-05-15T20:50:36.531534Z"},{"id":1966,"fincertId":"FINCERT-2026-001966","incidentId":12296,"idempotencyKey":"incident-12296","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:36.473469Z","receivedAt":"2026-05-15T20:50:36.489086Z"},{"id":1965,"fincertId":"FINCERT-2026-001965","incidentId":12295,"idempotencyKey":"incident-12295","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:36.444478Z","receivedAt":"2026-05-15T20:50:36.461565Z"},{"id":1964,"fincertId":"FINCERT-2026-001964","incidentId":12294,"idempotencyKey":"incident-12294","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:36.418759Z","receivedAt":"2026-05-15T20:50:36.434488Z"},{"id":1963,"fincertId":"FINCERT-2026-001963","incidentId":12293,"idempotencyKey":"incident-12293","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:36.389313Z","receivedAt":"2026-05-15T20:50:36.406576Z"},{"id":1962,"fincertId":"FINCERT-2026-001962","incidentId":12291,"idempotencyKey":"incident-12291","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:36.303607Z","receivedAt":"2026-05-15T20:50:36.331103Z"},{"id":1961,"fincertId":"FINCERT-2026-001961","incidentId":12290,"idempotencyKey":"incident-12290","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:36.272385Z","receivedAt":"2026-05-15T20:50:36.286375Z"},{"id":1960,"fincertId":"FINCERT-2026-001960","incidentId":12287,"idempotencyKey":"incident-12287","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:36.206231Z","receivedAt":"2026-05-15T20:50:36.220802Z"},{"id":1959,"fincertId":"FINCERT-2026-001959","incidentId":12274,"idempotencyKey":"incident-12274","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:35.950743Z","receivedAt":"2026-05-15T20:50:35.971999Z"},{"id":1958,"fincertId":"FINCERT-2026-001958","incidentId":12271,"idempotencyKey":"incident-12271","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:35.794971Z","receivedAt":"2026-05-15T20:50:35.842079Z"},{"id":1957,"fincertId":"FINCERT-2026-001957","incidentId":12269,"idempotencyKey":"incident-12269","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:35.733999Z","receivedAt":"2026-05-15T20:50:35.749318Z"},{"id":1956,"fincertId":"FINCERT-2026-001956","incidentId":12263,"idempotencyKey":"incident-12263","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:35.601925Z","receivedAt":"2026-05-15T20:50:35.622207Z"},{"id":1955,"fincertId":"FINCERT-2026-001955","incidentId":12259,"idempotencyKey":"incident-12259","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:35.530972Z","receivedAt":"2026-05-15T20:50:35.545088Z"},{"id":1954,"fincertId":"FINCERT-2026-001954","incidentId":12254,"idempotencyKey":"incident-12254","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:35.425832Z","receivedAt":"2026-05-15T20:50:35.440743Z"},{"id":1953,"fincertId":"FINCERT-2026-001953","incidentId":12252,"idempotencyKey":"incident-12252","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:35.375734Z","receivedAt":"2026-05-15T20:50:35.390938Z"},{"id":1952,"fincertId":"FINCERT-2026-001952","incidentId":12240,"idempotencyKey":"incident-12240","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:35.098526Z","receivedAt":"2026-05-15T20:50:35.117954Z"},{"id":1951,"fincertId":"FINCERT-2026-001951","incidentId":12232,"idempotencyKey":"incident-12232","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:34.932957Z","receivedAt":"2026-05-15T20:50:34.947091Z"},{"id":1950,"fincertId":"FINCERT-2026-001950","incidentId":12227,"idempotencyKey":"incident-12227","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:34.807614Z","receivedAt":"2026-05-15T20:50:34.830943Z"},{"id":1949,"fincertId":"FINCERT-2026-001949","incidentId":12223,"idempotencyKey":"incident-12223","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:34.731279Z","receivedAt":"2026-05-15T20:50:34.743748Z"},{"id":1948,"fincertId":"FINCERT-2026-001948","incidentId":12221,"idempotencyKey":"incident-12221","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:34.688805Z","receivedAt":"2026-05-15T20:50:34.701531Z"},{"id":1947,"fincertId":"FINCERT-2026-001947","incidentId":12218,"idempotencyKey":"incident-12218","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:34.634437Z","receivedAt":"2026-05-15T20:50:34.653657Z"},{"id":1946,"fincertId":"FINCERT-2026-001946","incidentId":12217,"idempotencyKey":"incident-12217","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:34.607973Z","receivedAt":"2026-05-15T20:50:34.623625Z"},{"id":1945,"fincertId":"FINCERT-2026-001945","incidentId":12216,"idempotencyKey":"incident-12216","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:34.586397Z","receivedAt":"2026-05-15T20:50:34.599165Z"},{"id":1944,"fincertId":"FINCERT-2026-001944","incidentId":12215,"idempotencyKey":"incident-12215","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:34.564645Z","receivedAt":"2026-05-15T20:50:34.578153Z"},{"id":1943,"fincertId":"FINCERT-2026-001943","incidentId":12213,"idempotencyKey":"incident-12213","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:34.515690Z","receivedAt":"2026-05-15T20:50:34.540591Z"},{"id":1942,"fincertId":"FINCERT-2026-001942","incidentId":12211,"idempotencyKey":"incident-12211","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:34.463536Z","receivedAt":"2026-05-15T20:50:34.484872Z"},{"id":1941,"fincertId":"FINCERT-2026-001941","incidentId":12208,"idempotencyKey":"incident-12208","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:34.396532Z","receivedAt":"2026-05-15T20:50:34.417781Z"},{"id":1940,"fincertId":"FINCERT-2026-001940","incidentId":12206,"idempotencyKey":"incident-12206","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:34.321661Z","receivedAt":"2026-05-15T20:50:34.354478Z"},{"id":1939,"fincertId":"FINCERT-2026-001939","incidentId":12203,"idempotencyKey":"incident-12203","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:34.267759Z","receivedAt":"2026-05-15T20:50:34.279241Z"},{"id":1938,"fincertId":"FINCERT-2026-001938","incidentId":12200,"idempotencyKey":"incident-12200","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:34.216867Z","receivedAt":"2026-05-15T20:50:34.233049Z"},{"id":1937,"fincertId":"FINCERT-2026-001937","incidentId":12194,"idempotencyKey":"incident-12194","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:34.082606Z","receivedAt":"2026-05-15T20:50:34.094956Z"},{"id":1936,"fincertId":"FINCERT-2026-001936","incidentId":12188,"idempotencyKey":"incident-12188","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:33.993558Z","receivedAt":"2026-05-15T20:50:34.006914Z"},{"id":1935,"fincertId":"FINCERT-2026-001935","incidentId":12186,"idempotencyKey":"incident-12186","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:33.952850Z","receivedAt":"2026-05-15T20:50:33.971503Z"},{"id":1934,"fincertId":"FINCERT-2026-001934","incidentId":12185,"idempotencyKey":"incident-12185","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:33.935642Z","receivedAt":"2026-05-15T20:50:33.946106Z"},{"id":1933,"fincertId":"FINCERT-2026-001933","incidentId":12184,"idempotencyKey":"incident-12184","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:33.915385Z","receivedAt":"2026-05-15T20:50:33.928883Z"},{"id":1932,"fincertId":"FINCERT-2026-001932","incidentId":12182,"idempotencyKey":"incident-12182","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:33.866534Z","receivedAt":"2026-05-15T20:50:33.882068Z"},{"id":1931,"fincertId":"FINCERT-2026-001931","incidentId":12181,"idempotencyKey":"incident-12181","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:33.833956Z","receivedAt":"2026-05-15T20:50:33.859168Z"},{"id":1930,"fincertId":"FINCERT-2026-001930","incidentId":12180,"idempotencyKey":"incident-12180","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:33.802581Z","receivedAt":"2026-05-15T20:50:33.822108Z"},{"id":1929,"fincertId":"FINCERT-2026-001929","incidentId":12178,"idempotencyKey":"incident-12178","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:33.713953Z","receivedAt":"2026-05-15T20:50:33.746324Z"},{"id":1928,"fincertId":"FINCERT-2026-001928","incidentId":12175,"idempotencyKey":"incident-12175","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:33.666206Z","receivedAt":"2026-05-15T20:50:33.679297Z"},{"id":1927,"fincertId":"FINCERT-2026-001927","incidentId":12174,"idempotencyKey":"incident-12174","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:33.635808Z","receivedAt":"2026-05-15T20:50:33.659145Z"},{"id":1926,"fincertId":"FINCERT-2026-001926","incidentId":12160,"idempotencyKey":"incident-12160","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:33.379496Z","receivedAt":"2026-05-15T20:50:33.395532Z"},{"id":1925,"fincertId":"FINCERT-2026-001925","incidentId":12159,"idempotencyKey":"incident-12159","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:33.329767Z","receivedAt":"2026-05-15T20:50:33.369317Z"},{"id":1924,"fincertId":"FINCERT-2026-001924","incidentId":12158,"idempotencyKey":"incident-12158","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:33.257636Z","receivedAt":"2026-05-15T20:50:33.297779Z"},{"id":1923,"fincertId":"FINCERT-2026-001923","incidentId":12153,"idempotencyKey":"incident-12153","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:33.058597Z","receivedAt":"2026-05-15T20:50:33.073394Z"},{"id":1922,"fincertId":"FINCERT-2026-001922","incidentId":12150,"idempotencyKey":"incident-12150","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:32.971515Z","receivedAt":"2026-05-15T20:50:32.991075Z"},{"id":1921,"fincertId":"FINCERT-2026-001921","incidentId":12147,"idempotencyKey":"incident-12147","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:32.902550Z","receivedAt":"2026-05-15T20:50:32.919372Z"},{"id":1920,"fincertId":"FINCERT-2026-001920","incidentId":12146,"idempotencyKey":"incident-12146","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:32.795305Z","receivedAt":"2026-05-15T20:50:32.833807Z"},{"id":1919,"fincertId":"FINCERT-2026-001919","incidentId":12144,"idempotencyKey":"incident-12144","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:32.724480Z","receivedAt":"2026-05-15T20:50:32.761856Z"},{"id":1918,"fincertId":"FINCERT-2026-001918","incidentId":12143,"idempotencyKey":"incident-12143","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:32.663689Z","receivedAt":"2026-05-15T20:50:32.684826Z"},{"id":1917,"fincertId":"FINCERT-2026-001917","incidentId":12137,"idempotencyKey":"incident-12137","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:32.512363Z","receivedAt":"2026-05-15T20:50:32.532691Z"},{"id":1916,"fincertId":"FINCERT-2026-001916","incidentId":12135,"idempotencyKey":"incident-12135","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:32.442839Z","receivedAt":"2026-05-15T20:50:32.472034Z"},{"id":1915,"fincertId":"FINCERT-2026-001915","incidentId":12133,"idempotencyKey":"incident-12133","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:32.391634Z","receivedAt":"2026-05-15T20:50:32.416241Z"},{"id":1914,"fincertId":"FINCERT-2026-001914","incidentId":12131,"idempotencyKey":"incident-12131","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:32.300608Z","receivedAt":"2026-05-15T20:50:32.339914Z"},{"id":1913,"fincertId":"FINCERT-2026-001913","incidentId":12130,"idempotencyKey":"incident-12130","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:32.241205Z","receivedAt":"2026-05-15T20:50:32.280504Z"},{"id":1912,"fincertId":"FINCERT-2026-001912","incidentId":12118,"idempotencyKey":"incident-12118","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:31.891214Z","receivedAt":"2026-05-15T20:50:31.903351Z"},{"id":1911,"fincertId":"FINCERT-2026-001911","incidentId":12114,"idempotencyKey":"incident-12114","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:31.788927Z","receivedAt":"2026-05-15T20:50:31.802985Z"},{"id":1910,"fincertId":"FINCERT-2026-001910","incidentId":12107,"idempotencyKey":"incident-12107","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:31.660879Z","receivedAt":"2026-05-15T20:50:31.673770Z"},{"id":1909,"fincertId":"FINCERT-2026-001909","incidentId":12103,"idempotencyKey":"incident-12103","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:31.579291Z","receivedAt":"2026-05-15T20:50:31.590106Z"},{"id":1908,"fincertId":"FINCERT-2026-001908","incidentId":12100,"idempotencyKey":"incident-12100","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:31.533649Z","receivedAt":"2026-05-15T20:50:31.545976Z"},{"id":1907,"fincertId":"FINCERT-2026-001907","incidentId":12097,"idempotencyKey":"incident-12097","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:31.446724Z","receivedAt":"2026-05-15T20:50:31.467451Z"},{"id":1906,"fincertId":"FINCERT-2026-001906","incidentId":12094,"idempotencyKey":"incident-12094","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:31.397758Z","receivedAt":"2026-05-15T20:50:31.411980Z"},{"id":1905,"fincertId":"FINCERT-2026-001905","incidentId":12087,"idempotencyKey":"incident-12087","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:31.276474Z","receivedAt":"2026-05-15T20:50:31.288796Z"},{"id":1904,"fincertId":"FINCERT-2026-001904","incidentId":12085,"idempotencyKey":"incident-12085","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:31.238504Z","receivedAt":"2026-05-15T20:50:31.250139Z"},{"id":1903,"fincertId":"FINCERT-2026-001903","incidentId":12077,"idempotencyKey":"incident-12077","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:31.086519Z","receivedAt":"2026-05-15T20:50:31.099696Z"},{"id":1902,"fincertId":"FINCERT-2026-001902","incidentId":12073,"idempotencyKey":"incident-12073","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:30.987937Z","receivedAt":"2026-05-15T20:50:31.013196Z"},{"id":1901,"fincertId":"FINCERT-2026-001901","incidentId":12071,"idempotencyKey":"incident-12071","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:30.931954Z","receivedAt":"2026-05-15T20:50:30.945108Z"},{"id":1900,"fincertId":"FINCERT-2026-001900","incidentId":12068,"idempotencyKey":"incident-12068","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:30.868856Z","receivedAt":"2026-05-15T20:50:30.888823Z"},{"id":1899,"fincertId":"FINCERT-2026-001899","incidentId":12065,"idempotencyKey":"incident-12065","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:30.794221Z","receivedAt":"2026-05-15T20:50:30.807866Z"},{"id":1898,"fincertId":"FINCERT-2026-001898","incidentId":12058,"idempotencyKey":"incident-12058","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:30.688758Z","receivedAt":"2026-05-15T20:50:30.700820Z"},{"id":1897,"fincertId":"FINCERT-2026-001897","incidentId":12054,"idempotencyKey":"incident-12054","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:30.601239Z","receivedAt":"2026-05-15T20:50:30.618982Z"},{"id":1896,"fincertId":"FINCERT-2026-001896","incidentId":12052,"idempotencyKey":"incident-12052","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:30.561605Z","receivedAt":"2026-05-15T20:50:30.573223Z"},{"id":1895,"fincertId":"FINCERT-2026-001895","incidentId":12049,"idempotencyKey":"incident-12049","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:30.514057Z","receivedAt":"2026-05-15T20:50:30.528386Z"},{"id":1894,"fincertId":"FINCERT-2026-001894","incidentId":12045,"idempotencyKey":"incident-12045","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:30.429004Z","receivedAt":"2026-05-15T20:50:30.440381Z"},{"id":1893,"fincertId":"FINCERT-2026-001893","incidentId":12043,"idempotencyKey":"incident-12043","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:30.383824Z","receivedAt":"2026-05-15T20:50:30.396571Z"},{"id":1892,"fincertId":"FINCERT-2026-001892","incidentId":12042,"idempotencyKey":"incident-12042","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:30.364383Z","receivedAt":"2026-05-15T20:50:30.377835Z"},{"id":1891,"fincertId":"FINCERT-2026-001891","incidentId":12041,"idempotencyKey":"incident-12041","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:30.335382Z","receivedAt":"2026-05-15T20:50:30.357389Z"},{"id":1890,"fincertId":"FINCERT-2026-001890","incidentId":12036,"idempotencyKey":"incident-12036","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:30.247036Z","receivedAt":"2026-05-15T20:50:30.258911Z"},{"id":1889,"fincertId":"FINCERT-2026-001889","incidentId":12033,"idempotencyKey":"incident-12033","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:30.179922Z","receivedAt":"2026-05-15T20:50:30.199085Z"},{"id":1888,"fincertId":"FINCERT-2026-001888","incidentId":12030,"idempotencyKey":"incident-12030","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:30.092738Z","receivedAt":"2026-05-15T20:50:30.106866Z"},{"id":1887,"fincertId":"FINCERT-2026-001887","incidentId":12029,"idempotencyKey":"incident-12029","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:30.072634Z","receivedAt":"2026-05-15T20:50:30.086202Z"},{"id":1886,"fincertId":"FINCERT-2026-001886","incidentId":12028,"idempotencyKey":"incident-12028","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:30.053467Z","receivedAt":"2026-05-15T20:50:30.065854Z"},{"id":1885,"fincertId":"FINCERT-2026-001885","incidentId":12027,"idempotencyKey":"incident-12027","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:30.033301Z","receivedAt":"2026-05-15T20:50:30.046455Z"},{"id":1884,"fincertId":"FINCERT-2026-001884","incidentId":12025,"idempotencyKey":"incident-12025","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:29.987905Z","receivedAt":"2026-05-15T20:50:30.011450Z"},{"id":1883,"fincertId":"FINCERT-2026-001883","incidentId":12023,"idempotencyKey":"incident-12023","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:29.939033Z","receivedAt":"2026-05-15T20:50:29.950424Z"},{"id":1882,"fincertId":"FINCERT-2026-001882","incidentId":12021,"idempotencyKey":"incident-12021","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:29.886801Z","receivedAt":"2026-05-15T20:50:29.900526Z"},{"id":1881,"fincertId":"FINCERT-2026-001881","incidentId":12020,"idempotencyKey":"incident-12020","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:29.862505Z","receivedAt":"2026-05-15T20:50:29.878627Z"},{"id":1880,"fincertId":"FINCERT-2026-001880","incidentId":12019,"idempotencyKey":"incident-12019","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:29.819369Z","receivedAt":"2026-05-15T20:50:29.852782Z"},{"id":1879,"fincertId":"FINCERT-2026-001879","incidentId":12017,"idempotencyKey":"incident-12017","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:29.781949Z","receivedAt":"2026-05-15T20:50:29.793394Z"},{"id":1878,"fincertId":"FINCERT-2026-001878","incidentId":12013,"idempotencyKey":"incident-12013","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:29.680101Z","receivedAt":"2026-05-15T20:50:29.707798Z"},{"id":1877,"fincertId":"FINCERT-2026-001877","incidentId":12011,"idempotencyKey":"incident-12011","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:29.602699Z","receivedAt":"2026-05-15T20:50:29.628133Z"},{"id":1876,"fincertId":"FINCERT-2026-001876","incidentId":11999,"idempotencyKey":"incident-11999","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:29.374079Z","receivedAt":"2026-05-15T20:50:29.389723Z"},{"id":1875,"fincertId":"FINCERT-2026-001875","incidentId":11998,"idempotencyKey":"incident-11998","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:29.323609Z","receivedAt":"2026-05-15T20:50:29.362123Z"},{"id":1874,"fincertId":"FINCERT-2026-001874","incidentId":11992,"idempotencyKey":"incident-11992","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:29.127688Z","receivedAt":"2026-05-15T20:50:29.148580Z"},{"id":1873,"fincertId":"FINCERT-2026-001873","incidentId":11987,"idempotencyKey":"incident-11987","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:28.996983Z","receivedAt":"2026-05-15T20:50:29.030580Z"},{"id":1872,"fincertId":"FINCERT-2026-001872","incidentId":11986,"idempotencyKey":"incident-11986","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:28.950131Z","receivedAt":"2026-05-15T20:50:28.967805Z"},{"id":1871,"fincertId":"FINCERT-2026-001871","incidentId":11978,"idempotencyKey":"incident-11978","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:28.816206Z","receivedAt":"2026-05-15T20:50:28.842596Z"},{"id":1870,"fincertId":"FINCERT-2026-001870","incidentId":11975,"idempotencyKey":"incident-11975","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:28.767527Z","receivedAt":"2026-05-15T20:50:28.780086Z"},{"id":1869,"fincertId":"FINCERT-2026-001869","incidentId":11971,"idempotencyKey":"incident-11971","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:28.695139Z","receivedAt":"2026-05-15T20:50:28.708897Z"},{"id":1868,"fincertId":"FINCERT-2026-001868","incidentId":11968,"idempotencyKey":"incident-11968","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:28.648232Z","receivedAt":"2026-05-15T20:50:28.661041Z"},{"id":1867,"fincertId":"FINCERT-2026-001867","incidentId":11966,"idempotencyKey":"incident-11966","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:28.599721Z","receivedAt":"2026-05-15T20:50:28.618869Z"},{"id":1866,"fincertId":"FINCERT-2026-001866","incidentId":11962,"idempotencyKey":"incident-11962","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:28.487791Z","receivedAt":"2026-05-15T20:50:28.514271Z"},{"id":1865,"fincertId":"FINCERT-2026-001865","incidentId":11960,"idempotencyKey":"incident-11960","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:28.423157Z","receivedAt":"2026-05-15T20:50:28.440060Z"},{"id":1864,"fincertId":"FINCERT-2026-001864","incidentId":11959,"idempotencyKey":"incident-11959","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:28.387566Z","receivedAt":"2026-05-15T20:50:28.405737Z"},{"id":1863,"fincertId":"FINCERT-2026-001863","incidentId":11958,"idempotencyKey":"incident-11958","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:28.340127Z","receivedAt":"2026-05-15T20:50:28.369101Z"},{"id":1862,"fincertId":"FINCERT-2026-001862","incidentId":11954,"idempotencyKey":"incident-11954","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:28.258976Z","receivedAt":"2026-05-15T20:50:28.273530Z"},{"id":1861,"fincertId":"FINCERT-2026-001861","incidentId":11952,"idempotencyKey":"incident-11952","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:28.210153Z","receivedAt":"2026-05-15T20:50:28.223883Z"},{"id":1860,"fincertId":"FINCERT-2026-001860","incidentId":11951,"idempotencyKey":"incident-11951","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:28.187832Z","receivedAt":"2026-05-15T20:50:28.201558Z"},{"id":1859,"fincertId":"FINCERT-2026-001859","incidentId":11949,"idempotencyKey":"incident-11949","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:28.144909Z","receivedAt":"2026-05-15T20:50:28.163761Z"},{"id":1858,"fincertId":"FINCERT-2026-001858","incidentId":11948,"idempotencyKey":"incident-11948","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:28.111880Z","receivedAt":"2026-05-15T20:50:28.135864Z"},{"id":1857,"fincertId":"FINCERT-2026-001857","incidentId":11943,"idempotencyKey":"incident-11943","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:28.035653Z","receivedAt":"2026-05-15T20:50:28.047730Z"},{"id":1856,"fincertId":"FINCERT-2026-001856","incidentId":11933,"idempotencyKey":"incident-11933","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:27.876590Z","receivedAt":"2026-05-15T20:50:27.887966Z"},{"id":1855,"fincertId":"FINCERT-2026-001855","incidentId":11927,"idempotencyKey":"incident-11927","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:27.720639Z","receivedAt":"2026-05-15T20:50:27.739083Z"},{"id":1854,"fincertId":"FINCERT-2026-001854","incidentId":11926,"idempotencyKey":"incident-11926","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:27.673560Z","receivedAt":"2026-05-15T20:50:27.701558Z"},{"id":1853,"fincertId":"FINCERT-2026-001853","incidentId":11920,"idempotencyKey":"incident-11920","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:27.445927Z","receivedAt":"2026-05-15T20:50:27.468228Z"},{"id":1852,"fincertId":"FINCERT-2026-001852","incidentId":11916,"idempotencyKey":"incident-11916","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:27.367057Z","receivedAt":"2026-05-15T20:50:27.379416Z"},{"id":1851,"fincertId":"FINCERT-2026-001851","incidentId":11912,"idempotencyKey":"incident-11912","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:27.271967Z","receivedAt":"2026-05-15T20:50:27.285Z"},{"id":1850,"fincertId":"FINCERT-2026-001850","incidentId":11910,"idempotencyKey":"incident-11910","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:27.226337Z","receivedAt":"2026-05-15T20:50:27.240843Z"},{"id":1849,"fincertId":"FINCERT-2026-001849","incidentId":11909,"idempotencyKey":"incident-11909","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:27.205577Z","receivedAt":"2026-05-15T20:50:27.218715Z"},{"id":1848,"fincertId":"FINCERT-2026-001848","incidentId":11907,"idempotencyKey":"incident-11907","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:27.147598Z","receivedAt":"2026-05-15T20:50:27.176716Z"},{"id":1847,"fincertId":"FINCERT-2026-001847","incidentId":11906,"idempotencyKey":"incident-11906","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:27.105330Z","receivedAt":"2026-05-15T20:50:27.131962Z"},{"id":1846,"fincertId":"FINCERT-2026-001846","incidentId":11905,"idempotencyKey":"incident-11905","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:27.054895Z","receivedAt":"2026-05-15T20:50:27.085985Z"},{"id":1845,"fincertId":"FINCERT-2026-001845","incidentId":11904,"idempotencyKey":"incident-11904","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:27.030763Z","receivedAt":"2026-05-15T20:50:27.044765Z"},{"id":1844,"fincertId":"FINCERT-2026-001844","incidentId":11897,"idempotencyKey":"incident-11897","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:26.909081Z","receivedAt":"2026-05-15T20:50:26.921249Z"},{"id":1843,"fincertId":"FINCERT-2026-001843","incidentId":11888,"idempotencyKey":"incident-11888","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:26.630060Z","receivedAt":"2026-05-15T20:50:26.683559Z"},{"id":1842,"fincertId":"FINCERT-2026-001842","incidentId":11882,"idempotencyKey":"incident-11882","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:26.481081Z","receivedAt":"2026-05-15T20:50:26.500059Z"},{"id":1841,"fincertId":"FINCERT-2026-001841","incidentId":11879,"idempotencyKey":"incident-11879","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:26.426878Z","receivedAt":"2026-05-15T20:50:26.439112Z"},{"id":1840,"fincertId":"FINCERT-2026-001840","incidentId":11878,"idempotencyKey":"incident-11878","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:26.408703Z","receivedAt":"2026-05-15T20:50:26.420030Z"},{"id":1839,"fincertId":"FINCERT-2026-001839","incidentId":11875,"idempotencyKey":"incident-11875","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:26.360405Z","receivedAt":"2026-05-15T20:50:26.375132Z"},{"id":1838,"fincertId":"FINCERT-2026-001838","incidentId":11866,"idempotencyKey":"incident-11866","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:26.145830Z","receivedAt":"2026-05-15T20:50:26.162723Z"},{"id":1837,"fincertId":"FINCERT-2026-001837","incidentId":11863,"idempotencyKey":"incident-11863","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:26.063132Z","receivedAt":"2026-05-15T20:50:26.080189Z"},{"id":1836,"fincertId":"FINCERT-2026-001836","incidentId":11862,"idempotencyKey":"incident-11862","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:25.995907Z","receivedAt":"2026-05-15T20:50:26.039600Z"},{"id":1835,"fincertId":"FINCERT-2026-001835","incidentId":11861,"idempotencyKey":"incident-11861","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:25.934022Z","receivedAt":"2026-05-15T20:50:25.958598Z"},{"id":1834,"fincertId":"FINCERT-2026-001834","incidentId":11851,"idempotencyKey":"incident-11851","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:25.658037Z","receivedAt":"2026-05-15T20:50:25.675653Z"},{"id":1833,"fincertId":"FINCERT-2026-001833","incidentId":11850,"idempotencyKey":"incident-11850","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:25.609486Z","receivedAt":"2026-05-15T20:50:25.636443Z"},{"id":1832,"fincertId":"FINCERT-2026-001832","incidentId":11849,"idempotencyKey":"incident-11849","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:25.587399Z","receivedAt":"2026-05-15T20:50:25.599370Z"},{"id":1831,"fincertId":"FINCERT-2026-001831","incidentId":11848,"idempotencyKey":"incident-11848","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:25.559335Z","receivedAt":"2026-05-15T20:50:25.572883Z"},{"id":1830,"fincertId":"FINCERT-2026-001830","incidentId":11847,"idempotencyKey":"incident-11847","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:25.537910Z","receivedAt":"2026-05-15T20:50:25.551553Z"},{"id":1829,"fincertId":"FINCERT-2026-001829","incidentId":11840,"idempotencyKey":"incident-11840","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:25.379828Z","receivedAt":"2026-05-15T20:50:25.395060Z"},{"id":1828,"fincertId":"FINCERT-2026-001828","incidentId":11839,"idempotencyKey":"incident-11839","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:25.323652Z","receivedAt":"2026-05-15T20:50:25.365337Z"},{"id":1827,"fincertId":"FINCERT-2026-001827","incidentId":11834,"idempotencyKey":"incident-11834","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:25.235960Z","receivedAt":"2026-05-15T20:50:25.248923Z"},{"id":1826,"fincertId":"FINCERT-2026-001826","incidentId":11828,"idempotencyKey":"incident-11828","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:25.107856Z","receivedAt":"2026-05-15T20:50:25.128441Z"},{"id":1825,"fincertId":"FINCERT-2026-001825","incidentId":11825,"idempotencyKey":"incident-11825","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:25.047510Z","receivedAt":"2026-05-15T20:50:25.063569Z"},{"id":1824,"fincertId":"FINCERT-2026-001824","incidentId":11824,"idempotencyKey":"incident-11824","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:24.997137Z","receivedAt":"2026-05-15T20:50:25.016384Z"},{"id":1823,"fincertId":"FINCERT-2026-001823","incidentId":11817,"idempotencyKey":"incident-11817","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:24.733365Z","receivedAt":"2026-05-15T20:50:24.761707Z"},{"id":1822,"fincertId":"FINCERT-2026-001822","incidentId":11816,"idempotencyKey":"incident-11816","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:24.679738Z","receivedAt":"2026-05-15T20:50:24.725851Z"},{"id":1821,"fincertId":"FINCERT-2026-001821","incidentId":11813,"idempotencyKey":"incident-11813","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:24.499673Z","receivedAt":"2026-05-15T20:50:24.553441Z"},{"id":1820,"fincertId":"FINCERT-2026-001820","incidentId":11811,"idempotencyKey":"incident-11811","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:24.446142Z","receivedAt":"2026-05-15T20:50:24.461968Z"},{"id":1819,"fincertId":"FINCERT-2026-001819","incidentId":11805,"idempotencyKey":"incident-11805","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:24.297855Z","receivedAt":"2026-05-15T20:50:24.319146Z"},{"id":1818,"fincertId":"FINCERT-2026-001818","incidentId":11803,"idempotencyKey":"incident-11803","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:24.251700Z","receivedAt":"2026-05-15T20:50:24.264126Z"},{"id":1817,"fincertId":"FINCERT-2026-001817","incidentId":11802,"idempotencyKey":"incident-11802","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:24.229332Z","receivedAt":"2026-05-15T20:50:24.243877Z"},{"id":1816,"fincertId":"FINCERT-2026-001816","incidentId":11801,"idempotencyKey":"incident-11801","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:24.204088Z","receivedAt":"2026-05-15T20:50:24.220523Z"},{"id":1815,"fincertId":"FINCERT-2026-001815","incidentId":11800,"idempotencyKey":"incident-11800","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:24.181110Z","receivedAt":"2026-05-15T20:50:24.195935Z"},{"id":1814,"fincertId":"FINCERT-2026-001814","incidentId":11798,"idempotencyKey":"incident-11798","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:24.132589Z","receivedAt":"2026-05-15T20:50:24.151389Z"},{"id":1813,"fincertId":"FINCERT-2026-001813","incidentId":11796,"idempotencyKey":"incident-11796","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:24.086985Z","receivedAt":"2026-05-15T20:50:24.102541Z"},{"id":1812,"fincertId":"FINCERT-2026-001812","incidentId":11794,"idempotencyKey":"incident-11794","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:24.034105Z","receivedAt":"2026-05-15T20:50:24.059393Z"},{"id":1811,"fincertId":"FINCERT-2026-001811","incidentId":11793,"idempotencyKey":"incident-11793","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:23.984484Z","receivedAt":"2026-05-15T20:50:24.015591Z"},{"id":1810,"fincertId":"FINCERT-2026-001810","incidentId":11792,"idempotencyKey":"incident-11792","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:23.938130Z","receivedAt":"2026-05-15T20:50:23.962683Z"},{"id":1809,"fincertId":"FINCERT-2026-001809","incidentId":11789,"idempotencyKey":"incident-11789","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:23.885064Z","receivedAt":"2026-05-15T20:50:23.899728Z"},{"id":1808,"fincertId":"FINCERT-2026-001808","incidentId":11788,"idempotencyKey":"incident-11788","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:23.861877Z","receivedAt":"2026-05-15T20:50:23.876763Z"},{"id":1807,"fincertId":"FINCERT-2026-001807","incidentId":11787,"idempotencyKey":"incident-11787","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:23.806527Z","receivedAt":"2026-05-15T20:50:23.838892Z"},{"id":1806,"fincertId":"FINCERT-2026-001806","incidentId":11782,"idempotencyKey":"incident-11782","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:23.719554Z","receivedAt":"2026-05-15T20:50:23.730944Z"},{"id":1805,"fincertId":"FINCERT-2026-001805","incidentId":11781,"idempotencyKey":"incident-11781","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:23.699229Z","receivedAt":"2026-05-15T20:50:23.712712Z"},{"id":1804,"fincertId":"FINCERT-2026-001804","incidentId":11780,"idempotencyKey":"incident-11780","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:23.680663Z","receivedAt":"2026-05-15T20:50:23.691530Z"},{"id":1803,"fincertId":"FINCERT-2026-001803","incidentId":11779,"idempotencyKey":"incident-11779","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:23.662136Z","receivedAt":"2026-05-15T20:50:23.673840Z"},{"id":1802,"fincertId":"FINCERT-2026-001802","incidentId":11778,"idempotencyKey":"incident-11778","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:23.640553Z","receivedAt":"2026-05-15T20:50:23.656068Z"},{"id":1801,"fincertId":"FINCERT-2026-001801","incidentId":11769,"idempotencyKey":"incident-11769","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:23.486469Z","receivedAt":"2026-05-15T20:50:23.504668Z"},{"id":1800,"fincertId":"FINCERT-2026-001800","incidentId":11768,"idempotencyKey":"incident-11768","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:23.453987Z","receivedAt":"2026-05-15T20:50:23.473621Z"},{"id":1799,"fincertId":"FINCERT-2026-001799","incidentId":11766,"idempotencyKey":"incident-11766","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:23.410243Z","receivedAt":"2026-05-15T20:50:23.424933Z"},{"id":1798,"fincertId":"FINCERT-2026-001798","incidentId":11765,"idempotencyKey":"incident-11765","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:23.366382Z","receivedAt":"2026-05-15T20:50:23.394617Z"},{"id":1797,"fincertId":"FINCERT-2026-001797","incidentId":11758,"idempotencyKey":"incident-11758","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:23.214466Z","receivedAt":"2026-05-15T20:50:23.228779Z"},{"id":1796,"fincertId":"FINCERT-2026-001796","incidentId":11757,"idempotencyKey":"incident-11757","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:23.175402Z","receivedAt":"2026-05-15T20:50:23.198847Z"},{"id":1795,"fincertId":"FINCERT-2026-001795","incidentId":11749,"idempotencyKey":"incident-11749","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:22.920199Z","receivedAt":"2026-05-15T20:50:22.933671Z"},{"id":1794,"fincertId":"FINCERT-2026-001794","incidentId":11747,"idempotencyKey":"incident-11747","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:22.853410Z","receivedAt":"2026-05-15T20:50:22.879743Z"},{"id":1793,"fincertId":"FINCERT-2026-001793","incidentId":11744,"idempotencyKey":"incident-11744","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:22.756331Z","receivedAt":"2026-05-15T20:50:22.769680Z"},{"id":1792,"fincertId":"FINCERT-2026-001792","incidentId":11743,"idempotencyKey":"incident-11743","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:22.731528Z","receivedAt":"2026-05-15T20:50:22.748736Z"},{"id":1791,"fincertId":"FINCERT-2026-001791","incidentId":11742,"idempotencyKey":"incident-11742","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:22.711663Z","receivedAt":"2026-05-15T20:50:22.724040Z"},{"id":1790,"fincertId":"FINCERT-2026-001790","incidentId":11741,"idempotencyKey":"incident-11741","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:22.691980Z","receivedAt":"2026-05-15T20:50:22.705778Z"},{"id":1789,"fincertId":"FINCERT-2026-001789","incidentId":11738,"idempotencyKey":"incident-11738","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:22.631211Z","receivedAt":"2026-05-15T20:50:22.651555Z"},{"id":1788,"fincertId":"FINCERT-2026-001788","incidentId":11733,"idempotencyKey":"incident-11733","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:22.480441Z","receivedAt":"2026-05-15T20:50:22.501140Z"},{"id":1787,"fincertId":"FINCERT-2026-001787","incidentId":11730,"idempotencyKey":"incident-11730","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:22.412407Z","receivedAt":"2026-05-15T20:50:22.424100Z"},{"id":1786,"fincertId":"FINCERT-2026-001786","incidentId":11718,"idempotencyKey":"incident-11718","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:22.209774Z","receivedAt":"2026-05-15T20:50:22.223245Z"},{"id":1785,"fincertId":"FINCERT-2026-001785","incidentId":11713,"idempotencyKey":"incident-11713","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:22.077640Z","receivedAt":"2026-05-15T20:50:22.091577Z"},{"id":1784,"fincertId":"FINCERT-2026-001784","incidentId":11712,"idempotencyKey":"incident-11712","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:22.033750Z","receivedAt":"2026-05-15T20:50:22.057455Z"},{"id":1783,"fincertId":"FINCERT-2026-001783","incidentId":11710,"idempotencyKey":"incident-11710","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:21.936796Z","receivedAt":"2026-05-15T20:50:21.947858Z"},{"id":1782,"fincertId":"FINCERT-2026-001782","incidentId":11702,"idempotencyKey":"incident-11702","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:21.780027Z","receivedAt":"2026-05-15T20:50:21.791331Z"},{"id":1781,"fincertId":"FINCERT-2026-001781","incidentId":11700,"idempotencyKey":"incident-11700","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:21.731678Z","receivedAt":"2026-05-15T20:50:21.743430Z"},{"id":1780,"fincertId":"FINCERT-2026-001780","incidentId":11697,"idempotencyKey":"incident-11697","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:21.675418Z","receivedAt":"2026-05-15T20:50:21.689122Z"},{"id":1779,"fincertId":"FINCERT-2026-001779","incidentId":11696,"idempotencyKey":"incident-11696","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:21.643687Z","receivedAt":"2026-05-15T20:50:21.665485Z"},{"id":1778,"fincertId":"FINCERT-2026-001778","incidentId":11691,"idempotencyKey":"incident-11691","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:21.542412Z","receivedAt":"2026-05-15T20:50:21.556451Z"},{"id":1777,"fincertId":"FINCERT-2026-001777","incidentId":11688,"idempotencyKey":"incident-11688","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:21.483582Z","receivedAt":"2026-05-15T20:50:21.504432Z"},{"id":1776,"fincertId":"FINCERT-2026-001776","incidentId":11686,"idempotencyKey":"incident-11686","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:21.439405Z","receivedAt":"2026-05-15T20:50:21.453477Z"},{"id":1775,"fincertId":"FINCERT-2026-001775","incidentId":11685,"idempotencyKey":"incident-11685","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:21.416282Z","receivedAt":"2026-05-15T20:50:21.431906Z"},{"id":1774,"fincertId":"FINCERT-2026-001774","incidentId":11673,"idempotencyKey":"incident-11673","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:21.208427Z","receivedAt":"2026-05-15T20:50:21.220892Z"},{"id":1773,"fincertId":"FINCERT-2026-001773","incidentId":11672,"idempotencyKey":"incident-11672","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:21.188799Z","receivedAt":"2026-05-15T20:50:21.202228Z"},{"id":1772,"fincertId":"FINCERT-2026-001772","incidentId":11671,"idempotencyKey":"incident-11671","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:21.139152Z","receivedAt":"2026-05-15T20:50:21.176753Z"},{"id":1771,"fincertId":"FINCERT-2026-001771","incidentId":11667,"idempotencyKey":"incident-11667","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:21.056443Z","receivedAt":"2026-05-15T20:50:21.073138Z"},{"id":1770,"fincertId":"FINCERT-2026-001770","incidentId":11666,"idempotencyKey":"incident-11666","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:21.035847Z","receivedAt":"2026-05-15T20:50:21.049835Z"},{"id":1769,"fincertId":"FINCERT-2026-001769","incidentId":11665,"idempotencyKey":"incident-11665","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:21.016221Z","receivedAt":"2026-05-15T20:50:21.028618Z"},{"id":1768,"fincertId":"FINCERT-2026-001768","incidentId":11660,"idempotencyKey":"incident-11660","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:20.921718Z","receivedAt":"2026-05-15T20:50:20.932793Z"},{"id":1767,"fincertId":"FINCERT-2026-001767","incidentId":11659,"idempotencyKey":"incident-11659","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:20.902865Z","receivedAt":"2026-05-15T20:50:20.914819Z"},{"id":1766,"fincertId":"FINCERT-2026-001766","incidentId":11656,"idempotencyKey":"incident-11656","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:20.796998Z","receivedAt":"2026-05-15T20:50:20.828064Z"},{"id":1765,"fincertId":"FINCERT-2026-001765","incidentId":11653,"idempotencyKey":"incident-11653","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:20.745612Z","receivedAt":"2026-05-15T20:50:20.759536Z"},{"id":1764,"fincertId":"FINCERT-2026-001764","incidentId":11651,"idempotencyKey":"incident-11651","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:20.708554Z","receivedAt":"2026-05-15T20:50:20.721510Z"},{"id":1763,"fincertId":"FINCERT-2026-001763","incidentId":11648,"idempotencyKey":"incident-11648","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:20.658541Z","receivedAt":"2026-05-15T20:50:20.670796Z"},{"id":1762,"fincertId":"FINCERT-2026-001762","incidentId":11639,"idempotencyKey":"incident-11639","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:20.516162Z","receivedAt":"2026-05-15T20:50:20.529011Z"},{"id":1761,"fincertId":"FINCERT-2026-001761","incidentId":11638,"idempotencyKey":"incident-11638","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:20.487403Z","receivedAt":"2026-05-15T20:50:20.500896Z"},{"id":1760,"fincertId":"FINCERT-2026-001760","incidentId":11636,"idempotencyKey":"incident-11636","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:20.439908Z","receivedAt":"2026-05-15T20:50:20.452124Z"},{"id":1759,"fincertId":"FINCERT-2026-001759","incidentId":11630,"idempotencyKey":"incident-11630","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:20.310472Z","receivedAt":"2026-05-15T20:50:20.337605Z"},{"id":1758,"fincertId":"FINCERT-2026-001758","incidentId":11627,"idempotencyKey":"incident-11627","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:20.234762Z","receivedAt":"2026-05-15T20:50:20.253615Z"},{"id":1757,"fincertId":"FINCERT-2026-001757","incidentId":11619,"idempotencyKey":"incident-11619","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:20.031193Z","receivedAt":"2026-05-15T20:50:20.054947Z"},{"id":1756,"fincertId":"FINCERT-2026-001756","incidentId":11617,"idempotencyKey":"incident-11617","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:19.955944Z","receivedAt":"2026-05-15T20:50:19.983584Z"},{"id":1755,"fincertId":"FINCERT-2026-001755","incidentId":11612,"idempotencyKey":"incident-11612","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:19.866747Z","receivedAt":"2026-05-15T20:50:19.891728Z"},{"id":1754,"fincertId":"FINCERT-2026-001754","incidentId":11609,"idempotencyKey":"incident-11609","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:19.793739Z","receivedAt":"2026-05-15T20:50:19.815068Z"},{"id":1753,"fincertId":"FINCERT-2026-001753","incidentId":11605,"idempotencyKey":"incident-11605","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:19.724679Z","receivedAt":"2026-05-15T20:50:19.739153Z"},{"id":1752,"fincertId":"FINCERT-2026-001752","incidentId":11602,"idempotencyKey":"incident-11602","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:19.671144Z","receivedAt":"2026-05-15T20:50:19.684369Z"},{"id":1751,"fincertId":"FINCERT-2026-001751","incidentId":11601,"idempotencyKey":"incident-11601","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:19.650093Z","receivedAt":"2026-05-15T20:50:19.664814Z"},{"id":1750,"fincertId":"FINCERT-2026-001750","incidentId":11600,"idempotencyKey":"incident-11600","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:19.611217Z","receivedAt":"2026-05-15T20:50:19.636050Z"},{"id":1749,"fincertId":"FINCERT-2026-001749","incidentId":11599,"idempotencyKey":"incident-11599","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:19.579279Z","receivedAt":"2026-05-15T20:50:19.594866Z"},{"id":1748,"fincertId":"FINCERT-2026-001748","incidentId":11595,"idempotencyKey":"incident-11595","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:19.505480Z","receivedAt":"2026-05-15T20:50:19.518740Z"},{"id":1747,"fincertId":"FINCERT-2026-001747","incidentId":11593,"idempotencyKey":"incident-11593","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:19.455391Z","receivedAt":"2026-05-15T20:50:19.474904Z"},{"id":1746,"fincertId":"FINCERT-2026-001746","incidentId":11590,"idempotencyKey":"incident-11590","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:19.405673Z","receivedAt":"2026-05-15T20:50:19.418829Z"},{"id":1745,"fincertId":"FINCERT-2026-001745","incidentId":11584,"idempotencyKey":"incident-11584","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:19.277074Z","receivedAt":"2026-05-15T20:50:19.290450Z"},{"id":1744,"fincertId":"FINCERT-2026-001744","incidentId":11577,"idempotencyKey":"incident-11577","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:19.147802Z","receivedAt":"2026-05-15T20:50:19.176442Z"},{"id":1743,"fincertId":"FINCERT-2026-001743","incidentId":11571,"idempotencyKey":"incident-11571","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:19.017979Z","receivedAt":"2026-05-15T20:50:19.032015Z"},{"id":1742,"fincertId":"FINCERT-2026-001742","incidentId":11565,"idempotencyKey":"incident-11565","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:18.875662Z","receivedAt":"2026-05-15T20:50:18.905002Z"},{"id":1741,"fincertId":"FINCERT-2026-001741","incidentId":11556,"idempotencyKey":"incident-11556","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:18.555861Z","receivedAt":"2026-05-15T20:50:18.572761Z"},{"id":1740,"fincertId":"FINCERT-2026-001740","incidentId":11554,"idempotencyKey":"incident-11554","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:18.482688Z","receivedAt":"2026-05-15T20:50:18.521379Z"},{"id":1739,"fincertId":"FINCERT-2026-001739","incidentId":11553,"idempotencyKey":"incident-11553","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:18.436755Z","receivedAt":"2026-05-15T20:50:18.448541Z"},{"id":1738,"fincertId":"FINCERT-2026-001738","incidentId":11548,"idempotencyKey":"incident-11548","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:18.347420Z","receivedAt":"2026-05-15T20:50:18.362639Z"},{"id":1737,"fincertId":"FINCERT-2026-001737","incidentId":11546,"idempotencyKey":"incident-11546","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:18.292839Z","receivedAt":"2026-05-15T20:50:18.313721Z"},{"id":1736,"fincertId":"FINCERT-2026-001736","incidentId":11545,"idempotencyKey":"incident-11545","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:18.269539Z","receivedAt":"2026-05-15T20:50:18.283637Z"},{"id":1735,"fincertId":"FINCERT-2026-001735","incidentId":11541,"idempotencyKey":"incident-11541","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:18.190890Z","receivedAt":"2026-05-15T20:50:18.203334Z"},{"id":1734,"fincertId":"FINCERT-2026-001734","incidentId":11538,"idempotencyKey":"incident-11538","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:18.140572Z","receivedAt":"2026-05-15T20:50:18.154106Z"},{"id":1733,"fincertId":"FINCERT-2026-001733","incidentId":11536,"idempotencyKey":"incident-11536","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:18.096715Z","receivedAt":"2026-05-15T20:50:18.116473Z"},{"id":1732,"fincertId":"FINCERT-2026-001732","incidentId":11533,"idempotencyKey":"incident-11533","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:17.964546Z","receivedAt":"2026-05-15T20:50:18.024161Z"},{"id":1731,"fincertId":"FINCERT-2026-001731","incidentId":11531,"idempotencyKey":"incident-11531","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:17.914761Z","receivedAt":"2026-05-15T20:50:17.927671Z"},{"id":1730,"fincertId":"FINCERT-2026-001730","incidentId":11521,"idempotencyKey":"incident-11521","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:17.758123Z","receivedAt":"2026-05-15T20:50:17.770899Z"},{"id":1729,"fincertId":"FINCERT-2026-001729","incidentId":11519,"idempotencyKey":"incident-11519","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:17.718756Z","receivedAt":"2026-05-15T20:50:17.734125Z"},{"id":1728,"fincertId":"FINCERT-2026-001728","incidentId":11516,"idempotencyKey":"incident-11516","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:17.625029Z","receivedAt":"2026-05-15T20:50:17.657752Z"},{"id":1727,"fincertId":"FINCERT-2026-001727","incidentId":11515,"idempotencyKey":"incident-11515","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:17.595597Z","receivedAt":"2026-05-15T20:50:17.614928Z"},{"id":1726,"fincertId":"FINCERT-2026-001726","incidentId":11511,"idempotencyKey":"incident-11511","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:17.471626Z","receivedAt":"2026-05-15T20:50:17.494913Z"},{"id":1725,"fincertId":"FINCERT-2026-001725","incidentId":11507,"idempotencyKey":"incident-11507","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:17.391813Z","receivedAt":"2026-05-15T20:50:17.407019Z"},{"id":1724,"fincertId":"FINCERT-2026-001724","incidentId":11501,"idempotencyKey":"incident-11501","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:17.285012Z","receivedAt":"2026-05-15T20:50:17.296662Z"},{"id":1723,"fincertId":"FINCERT-2026-001723","incidentId":11494,"idempotencyKey":"incident-11494","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:17.172045Z","receivedAt":"2026-05-15T20:50:17.187019Z"},{"id":1722,"fincertId":"FINCERT-2026-001722","incidentId":11493,"idempotencyKey":"incident-11493","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:17.151046Z","receivedAt":"2026-05-15T20:50:17.165591Z"},{"id":1721,"fincertId":"FINCERT-2026-001721","incidentId":11492,"idempotencyKey":"incident-11492","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:17.106516Z","receivedAt":"2026-05-15T20:50:17.124668Z"},{"id":1720,"fincertId":"FINCERT-2026-001720","incidentId":11488,"idempotencyKey":"incident-11488","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:17.034063Z","receivedAt":"2026-05-15T20:50:17.045931Z"},{"id":1719,"fincertId":"FINCERT-2026-001719","incidentId":11486,"idempotencyKey":"incident-11486","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:16.994713Z","receivedAt":"2026-05-15T20:50:17.012647Z"},{"id":1718,"fincertId":"FINCERT-2026-001718","incidentId":11480,"idempotencyKey":"incident-11480","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:16.888759Z","receivedAt":"2026-05-15T20:50:16.901285Z"},{"id":1717,"fincertId":"FINCERT-2026-001717","incidentId":11477,"idempotencyKey":"incident-11477","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:16.842166Z","receivedAt":"2026-05-15T20:50:16.854807Z"},{"id":1716,"fincertId":"FINCERT-2026-001716","incidentId":11473,"idempotencyKey":"incident-11473","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:16.765219Z","receivedAt":"2026-05-15T20:50:16.775325Z"},{"id":1715,"fincertId":"FINCERT-2026-001715","incidentId":11470,"idempotencyKey":"incident-11470","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:16.698982Z","receivedAt":"2026-05-15T20:50:16.718357Z"},{"id":1714,"fincertId":"FINCERT-2026-001714","incidentId":11462,"idempotencyKey":"incident-11462","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:16.522676Z","receivedAt":"2026-05-15T20:50:16.534880Z"},{"id":1713,"fincertId":"FINCERT-2026-001713","incidentId":11456,"idempotencyKey":"incident-11456","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:16.402372Z","receivedAt":"2026-05-15T20:50:16.419125Z"},{"id":1712,"fincertId":"FINCERT-2026-001712","incidentId":11451,"idempotencyKey":"incident-11451","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:16.293770Z","receivedAt":"2026-05-15T20:50:16.309205Z"},{"id":1711,"fincertId":"FINCERT-2026-001711","incidentId":11445,"idempotencyKey":"incident-11445","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:16.205621Z","receivedAt":"2026-05-15T20:50:16.217813Z"},{"id":1710,"fincertId":"FINCERT-2026-001710","incidentId":11435,"idempotencyKey":"incident-11435","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:16.044106Z","receivedAt":"2026-05-15T20:50:16.056443Z"},{"id":1709,"fincertId":"FINCERT-2026-001709","incidentId":11433,"idempotencyKey":"incident-11433","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:16.010266Z","receivedAt":"2026-05-15T20:50:16.023215Z"},{"id":1708,"fincertId":"FINCERT-2026-001708","incidentId":11431,"idempotencyKey":"incident-11431","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:15.960938Z","receivedAt":"2026-05-15T20:50:15.981075Z"},{"id":1707,"fincertId":"FINCERT-2026-001707","incidentId":11427,"idempotencyKey":"incident-11427","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:15.897772Z","receivedAt":"2026-05-15T20:50:15.909975Z"},{"id":1706,"fincertId":"FINCERT-2026-001706","incidentId":11411,"idempotencyKey":"incident-11411","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:15.649342Z","receivedAt":"2026-05-15T20:50:15.663850Z"},{"id":1705,"fincertId":"FINCERT-2026-001705","incidentId":11410,"idempotencyKey":"incident-11410","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:15.614316Z","receivedAt":"2026-05-15T20:50:15.632130Z"},{"id":1704,"fincertId":"FINCERT-2026-001704","incidentId":11408,"idempotencyKey":"incident-11408","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:15.577925Z","receivedAt":"2026-05-15T20:50:15.589339Z"},{"id":1703,"fincertId":"FINCERT-2026-001703","incidentId":11407,"idempotencyKey":"incident-11407","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:15.552423Z","receivedAt":"2026-05-15T20:50:15.563022Z"},{"id":1702,"fincertId":"FINCERT-2026-001702","incidentId":11397,"idempotencyKey":"incident-11397","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:15.345743Z","receivedAt":"2026-05-15T20:50:15.360799Z"},{"id":1701,"fincertId":"FINCERT-2026-001701","incidentId":11389,"idempotencyKey":"incident-11389","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:15.154566Z","receivedAt":"2026-05-15T20:50:15.184506Z"},{"id":1700,"fincertId":"FINCERT-2026-001700","incidentId":11381,"idempotencyKey":"incident-11381","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:14.979157Z","receivedAt":"2026-05-15T20:50:14.993032Z"},{"id":1699,"fincertId":"FINCERT-2026-001699","incidentId":11376,"idempotencyKey":"incident-11376","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:14.873620Z","receivedAt":"2026-05-15T20:50:14.898693Z"},{"id":1698,"fincertId":"FINCERT-2026-001698","incidentId":11375,"idempotencyKey":"incident-11375","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:14.826662Z","receivedAt":"2026-05-15T20:50:14.858817Z"},{"id":1697,"fincertId":"FINCERT-2026-001697","incidentId":11370,"idempotencyKey":"incident-11370","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:14.726533Z","receivedAt":"2026-05-15T20:50:14.739820Z"},{"id":1696,"fincertId":"FINCERT-2026-001696","incidentId":11363,"idempotencyKey":"incident-11363","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:14.553535Z","receivedAt":"2026-05-15T20:50:14.575753Z"},{"id":1695,"fincertId":"FINCERT-2026-001695","incidentId":11361,"idempotencyKey":"incident-11361","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:14.483140Z","receivedAt":"2026-05-15T20:50:14.498109Z"},{"id":1694,"fincertId":"FINCERT-2026-001694","incidentId":11356,"idempotencyKey":"incident-11356","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:14.323038Z","receivedAt":"2026-05-15T20:50:14.350364Z"},{"id":1693,"fincertId":"FINCERT-2026-001693","incidentId":11339,"idempotencyKey":"incident-11339","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:14.030919Z","receivedAt":"2026-05-15T20:50:14.044528Z"},{"id":1692,"fincertId":"FINCERT-2026-001692","incidentId":11336,"idempotencyKey":"incident-11336","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:13.947120Z","receivedAt":"2026-05-15T20:50:13.970746Z"},{"id":1691,"fincertId":"FINCERT-2026-001691","incidentId":11335,"idempotencyKey":"incident-11335","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:13.894952Z","receivedAt":"2026-05-15T20:50:13.907665Z"},{"id":1690,"fincertId":"FINCERT-2026-001690","incidentId":11328,"idempotencyKey":"incident-11328","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:13.766101Z","receivedAt":"2026-05-15T20:50:13.779828Z"},{"id":1689,"fincertId":"FINCERT-2026-001689","incidentId":11324,"idempotencyKey":"incident-11324","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:13.617889Z","receivedAt":"2026-05-15T20:50:13.664425Z"},{"id":1688,"fincertId":"FINCERT-2026-001688","incidentId":11323,"idempotencyKey":"incident-11323","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:13.577128Z","receivedAt":"2026-05-15T20:50:13.591902Z"},{"id":1687,"fincertId":"FINCERT-2026-001687","incidentId":11318,"idempotencyKey":"incident-11318","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:13.456061Z","receivedAt":"2026-05-15T20:50:13.482676Z"},{"id":1686,"fincertId":"FINCERT-2026-001686","incidentId":11313,"idempotencyKey":"incident-11313","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:13.365125Z","receivedAt":"2026-05-15T20:50:13.376168Z"},{"id":1685,"fincertId":"FINCERT-2026-001685","incidentId":11309,"idempotencyKey":"incident-11309","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:13.289900Z","receivedAt":"2026-05-15T20:50:13.302897Z"},{"id":1684,"fincertId":"FINCERT-2026-001684","incidentId":11303,"idempotencyKey":"incident-11303","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:13.173046Z","receivedAt":"2026-05-15T20:50:13.185437Z"},{"id":1683,"fincertId":"FINCERT-2026-001683","incidentId":11300,"idempotencyKey":"incident-11300","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:13.117631Z","receivedAt":"2026-05-15T20:50:13.135282Z"},{"id":1682,"fincertId":"FINCERT-2026-001682","incidentId":11298,"idempotencyKey":"incident-11298","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:13.077958Z","receivedAt":"2026-05-15T20:50:13.093852Z"},{"id":1681,"fincertId":"FINCERT-2026-001681","incidentId":11294,"idempotencyKey":"incident-11294","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:12.995236Z","receivedAt":"2026-05-15T20:50:13.019140Z"},{"id":1680,"fincertId":"FINCERT-2026-001680","incidentId":11293,"idempotencyKey":"incident-11293","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:12.950603Z","receivedAt":"2026-05-15T20:50:12.981944Z"},{"id":1679,"fincertId":"FINCERT-2026-001679","incidentId":11292,"idempotencyKey":"incident-11292","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:12.891581Z","receivedAt":"2026-05-15T20:50:12.920112Z"},{"id":1678,"fincertId":"FINCERT-2026-001678","incidentId":11289,"idempotencyKey":"incident-11289","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:12.757478Z","receivedAt":"2026-05-15T20:50:12.777985Z"},{"id":1677,"fincertId":"FINCERT-2026-001677","incidentId":11281,"idempotencyKey":"incident-11281","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:12.510111Z","receivedAt":"2026-05-15T20:50:12.539595Z"},{"id":1676,"fincertId":"FINCERT-2026-001676","incidentId":11277,"idempotencyKey":"incident-11277","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:12.356746Z","receivedAt":"2026-05-15T20:50:12.388870Z"},{"id":1675,"fincertId":"FINCERT-2026-001675","incidentId":11273,"idempotencyKey":"incident-11273","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:12.245550Z","receivedAt":"2026-05-15T20:50:12.260630Z"},{"id":1674,"fincertId":"FINCERT-2026-001674","incidentId":11270,"idempotencyKey":"incident-11270","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:12.171289Z","receivedAt":"2026-05-15T20:50:12.194930Z"},{"id":1673,"fincertId":"FINCERT-2026-001673","incidentId":11269,"idempotencyKey":"incident-11269","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:12.114341Z","receivedAt":"2026-05-15T20:50:12.153641Z"},{"id":1672,"fincertId":"FINCERT-2026-001672","incidentId":11266,"idempotencyKey":"incident-11266","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:12.033295Z","receivedAt":"2026-05-15T20:50:12.050470Z"},{"id":1671,"fincertId":"FINCERT-2026-001671","incidentId":11263,"idempotencyKey":"incident-11263","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:11.939807Z","receivedAt":"2026-05-15T20:50:11.961808Z"},{"id":1670,"fincertId":"FINCERT-2026-001670","incidentId":11262,"idempotencyKey":"incident-11262","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:11.905153Z","receivedAt":"2026-05-15T20:50:11.920214Z"},{"id":1669,"fincertId":"FINCERT-2026-001669","incidentId":11259,"idempotencyKey":"incident-11259","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:11.837872Z","receivedAt":"2026-05-15T20:50:11.862274Z"},{"id":1668,"fincertId":"FINCERT-2026-001668","incidentId":11257,"idempotencyKey":"incident-11257","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:11.784487Z","receivedAt":"2026-05-15T20:50:11.797939Z"},{"id":1667,"fincertId":"FINCERT-2026-001667","incidentId":11249,"idempotencyKey":"incident-11249","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:11.644718Z","receivedAt":"2026-05-15T20:50:11.658804Z"},{"id":1666,"fincertId":"FINCERT-2026-001666","incidentId":11246,"idempotencyKey":"incident-11246","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:11.571860Z","receivedAt":"2026-05-15T20:50:11.586841Z"},{"id":1665,"fincertId":"FINCERT-2026-001665","incidentId":11240,"idempotencyKey":"incident-11240","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:11.427569Z","receivedAt":"2026-05-15T20:50:11.442446Z"},{"id":1664,"fincertId":"FINCERT-2026-001664","incidentId":11238,"idempotencyKey":"incident-11238","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:11.373970Z","receivedAt":"2026-05-15T20:50:11.389844Z"},{"id":1663,"fincertId":"FINCERT-2026-001663","incidentId":11236,"idempotencyKey":"incident-11236","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:11.308894Z","receivedAt":"2026-05-15T20:50:11.339798Z"},{"id":1662,"fincertId":"FINCERT-2026-001662","incidentId":11234,"idempotencyKey":"incident-11234","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:11.266312Z","receivedAt":"2026-05-15T20:50:11.281683Z"},{"id":1661,"fincertId":"FINCERT-2026-001661","incidentId":11231,"idempotencyKey":"incident-11231","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:11.195902Z","receivedAt":"2026-05-15T20:50:11.210127Z"},{"id":1660,"fincertId":"FINCERT-2026-001660","incidentId":11229,"idempotencyKey":"incident-11229","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:11.140756Z","receivedAt":"2026-05-15T20:50:11.162447Z"},{"id":1659,"fincertId":"FINCERT-2026-001659","incidentId":11225,"idempotencyKey":"incident-11225","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:11.012192Z","receivedAt":"2026-05-15T20:50:11.058087Z"},{"id":1658,"fincertId":"FINCERT-2026-001658","incidentId":11219,"idempotencyKey":"incident-11219","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:10.787615Z","receivedAt":"2026-05-15T20:50:10.830538Z"},{"id":1657,"fincertId":"FINCERT-2026-001657","incidentId":11215,"idempotencyKey":"incident-11215","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:10.705166Z","receivedAt":"2026-05-15T20:50:10.720577Z"},{"id":1656,"fincertId":"FINCERT-2026-001656","incidentId":11214,"idempotencyKey":"incident-11214","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:10.635146Z","receivedAt":"2026-05-15T20:50:10.665495Z"},{"id":1655,"fincertId":"FINCERT-2026-001655","incidentId":11211,"idempotencyKey":"incident-11211","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:10.551247Z","receivedAt":"2026-05-15T20:50:10.573384Z"},{"id":1654,"fincertId":"FINCERT-2026-001654","incidentId":11206,"idempotencyKey":"incident-11206","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:10.452240Z","receivedAt":"2026-05-15T20:50:10.466604Z"},{"id":1653,"fincertId":"FINCERT-2026-001653","incidentId":11205,"idempotencyKey":"incident-11205","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:10.428989Z","receivedAt":"2026-05-15T20:50:10.444850Z"},{"id":1652,"fincertId":"FINCERT-2026-001652","incidentId":11204,"idempotencyKey":"incident-11204","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:10.400076Z","receivedAt":"2026-05-15T20:50:10.412840Z"},{"id":1651,"fincertId":"FINCERT-2026-001651","incidentId":11203,"idempotencyKey":"incident-11203","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:10.380938Z","receivedAt":"2026-05-15T20:50:10.393351Z"},{"id":1650,"fincertId":"FINCERT-2026-001650","incidentId":11199,"idempotencyKey":"incident-11199","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:10.295569Z","receivedAt":"2026-05-15T20:50:10.312577Z"},{"id":1649,"fincertId":"FINCERT-2026-001649","incidentId":11197,"idempotencyKey":"incident-11197","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:10.261094Z","receivedAt":"2026-05-15T20:50:10.274560Z"},{"id":1648,"fincertId":"FINCERT-2026-001648","incidentId":11193,"idempotencyKey":"incident-11193","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:10.187785Z","receivedAt":"2026-05-15T20:50:10.201645Z"},{"id":1647,"fincertId":"FINCERT-2026-001647","incidentId":11192,"idempotencyKey":"incident-11192","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:10.170073Z","receivedAt":"2026-05-15T20:50:10.181002Z"},{"id":1646,"fincertId":"FINCERT-2026-001646","incidentId":11190,"idempotencyKey":"incident-11190","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:10.137166Z","receivedAt":"2026-05-15T20:50:10.149490Z"},{"id":1645,"fincertId":"FINCERT-2026-001645","incidentId":11186,"idempotencyKey":"incident-11186","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:10.067594Z","receivedAt":"2026-05-15T20:50:10.081518Z"},{"id":1644,"fincertId":"FINCERT-2026-001644","incidentId":11184,"idempotencyKey":"incident-11184","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:10.017839Z","receivedAt":"2026-05-15T20:50:10.037157Z"},{"id":1643,"fincertId":"FINCERT-2026-001643","incidentId":11176,"idempotencyKey":"incident-11176","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:09.868888Z","receivedAt":"2026-05-15T20:50:09.894497Z"},{"id":1642,"fincertId":"FINCERT-2026-001642","incidentId":11169,"idempotencyKey":"incident-11169","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:09.704377Z","receivedAt":"2026-05-15T20:50:09.722595Z"},{"id":1641,"fincertId":"FINCERT-2026-001641","incidentId":11165,"idempotencyKey":"incident-11165","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:09.598375Z","receivedAt":"2026-05-15T20:50:09.625621Z"},{"id":1640,"fincertId":"FINCERT-2026-001640","incidentId":11164,"idempotencyKey":"incident-11164","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:09.575018Z","receivedAt":"2026-05-15T20:50:09.590014Z"},{"id":1639,"fincertId":"FINCERT-2026-001639","incidentId":11163,"idempotencyKey":"incident-11163","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:09.548455Z","receivedAt":"2026-05-15T20:50:09.566970Z"},{"id":1638,"fincertId":"FINCERT-2026-001638","incidentId":11159,"idempotencyKey":"incident-11159","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:09.460070Z","receivedAt":"2026-05-15T20:50:09.483984Z"},{"id":1637,"fincertId":"FINCERT-2026-001637","incidentId":11158,"idempotencyKey":"incident-11158","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:09.425489Z","receivedAt":"2026-05-15T20:50:09.439975Z"},{"id":1636,"fincertId":"FINCERT-2026-001636","incidentId":11154,"idempotencyKey":"incident-11154","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:09.353542Z","receivedAt":"2026-05-15T20:50:09.367984Z"},{"id":1635,"fincertId":"FINCERT-2026-001635","incidentId":11151,"idempotencyKey":"incident-11151","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:09.290332Z","receivedAt":"2026-05-15T20:50:09.303368Z"},{"id":1634,"fincertId":"FINCERT-2026-001634","incidentId":11147,"idempotencyKey":"incident-11147","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:09.215078Z","receivedAt":"2026-05-15T20:50:09.232722Z"},{"id":1633,"fincertId":"FINCERT-2026-001633","incidentId":11146,"idempotencyKey":"incident-11146","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:09.174894Z","receivedAt":"2026-05-15T20:50:09.192924Z"},{"id":1632,"fincertId":"FINCERT-2026-001632","incidentId":11140,"idempotencyKey":"incident-11140","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:09.034858Z","receivedAt":"2026-05-15T20:50:09.052126Z"},{"id":1631,"fincertId":"FINCERT-2026-001631","incidentId":11137,"idempotencyKey":"incident-11137","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:08.959048Z","receivedAt":"2026-05-15T20:50:08.976588Z"},{"id":1630,"fincertId":"FINCERT-2026-001630","incidentId":11128,"idempotencyKey":"incident-11128","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:08.776910Z","receivedAt":"2026-05-15T20:50:08.791171Z"},{"id":1629,"fincertId":"FINCERT-2026-001629","incidentId":11123,"idempotencyKey":"incident-11123","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:08.690693Z","receivedAt":"2026-05-15T20:50:08.703629Z"},{"id":1628,"fincertId":"FINCERT-2026-001628","incidentId":11121,"idempotencyKey":"incident-11121","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:08.654486Z","receivedAt":"2026-05-15T20:50:08.668120Z"},{"id":1627,"fincertId":"FINCERT-2026-001627","incidentId":11119,"idempotencyKey":"incident-11119","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:08.602556Z","receivedAt":"2026-05-15T20:50:08.625133Z"},{"id":1626,"fincertId":"FINCERT-2026-001626","incidentId":11117,"idempotencyKey":"incident-11117","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:08.565707Z","receivedAt":"2026-05-15T20:50:08.578244Z"},{"id":1625,"fincertId":"FINCERT-2026-001625","incidentId":11116,"idempotencyKey":"incident-11116","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:08.532362Z","receivedAt":"2026-05-15T20:50:08.548106Z"},{"id":1624,"fincertId":"FINCERT-2026-001624","incidentId":11114,"idempotencyKey":"incident-11114","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:08.481621Z","receivedAt":"2026-05-15T20:50:08.499478Z"},{"id":1623,"fincertId":"FINCERT-2026-001623","incidentId":11113,"idempotencyKey":"incident-11113","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:08.446761Z","receivedAt":"2026-05-15T20:50:08.472590Z"},{"id":1622,"fincertId":"FINCERT-2026-001622","incidentId":11108,"idempotencyKey":"incident-11108","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:08.337508Z","receivedAt":"2026-05-15T20:50:08.364954Z"},{"id":1621,"fincertId":"FINCERT-2026-001621","incidentId":11100,"idempotencyKey":"incident-11100","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:08.080557Z","receivedAt":"2026-05-15T20:50:08.097582Z"},{"id":1620,"fincertId":"FINCERT-2026-001620","incidentId":11099,"idempotencyKey":"incident-11099","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:08.038014Z","receivedAt":"2026-05-15T20:50:08.061620Z"},{"id":1619,"fincertId":"FINCERT-2026-001619","incidentId":11096,"idempotencyKey":"incident-11096","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.936827Z","receivedAt":"2026-05-15T20:50:07.951983Z"},{"id":1618,"fincertId":"FINCERT-2026-001618","incidentId":11093,"idempotencyKey":"incident-11093","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:07.873701Z","receivedAt":"2026-05-15T20:50:07.892959Z"},{"id":1617,"fincertId":"FINCERT-2026-001617","incidentId":11090,"idempotencyKey":"incident-11090","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.786653Z","receivedAt":"2026-05-15T20:50:07.801621Z"},{"id":1616,"fincertId":"FINCERT-2026-001616","incidentId":11089,"idempotencyKey":"incident-11089","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.763526Z","receivedAt":"2026-05-15T20:50:07.777960Z"},{"id":1615,"fincertId":"FINCERT-2026-001615","incidentId":11088,"idempotencyKey":"incident-11088","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.739301Z","receivedAt":"2026-05-15T20:50:07.755731Z"},{"id":1614,"fincertId":"FINCERT-2026-001614","incidentId":11082,"idempotencyKey":"incident-11082","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.645304Z","receivedAt":"2026-05-15T20:50:07.659552Z"},{"id":1613,"fincertId":"FINCERT-2026-001613","incidentId":11081,"idempotencyKey":"incident-11081","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.617546Z","receivedAt":"2026-05-15T20:50:07.637004Z"},{"id":1612,"fincertId":"FINCERT-2026-001612","incidentId":11075,"idempotencyKey":"incident-11075","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.487488Z","receivedAt":"2026-05-15T20:50:07.512143Z"},{"id":1611,"fincertId":"FINCERT-2026-001611","incidentId":11072,"idempotencyKey":"incident-11072","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.415273Z","receivedAt":"2026-05-15T20:50:07.429993Z"},{"id":1610,"fincertId":"FINCERT-2026-001610","incidentId":11067,"idempotencyKey":"incident-11067","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:07.282448Z","receivedAt":"2026-05-15T20:50:07.299746Z"},{"id":1609,"fincertId":"FINCERT-2026-001609","incidentId":11064,"idempotencyKey":"incident-11064","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:07.223442Z","receivedAt":"2026-05-15T20:50:07.241066Z"},{"id":1608,"fincertId":"FINCERT-2026-001608","incidentId":11063,"idempotencyKey":"incident-11063","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.196125Z","receivedAt":"2026-05-15T20:50:07.210325Z"},{"id":1607,"fincertId":"FINCERT-2026-001607","incidentId":11062,"idempotencyKey":"incident-11062","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.174629Z","receivedAt":"2026-05-15T20:50:07.188468Z"},{"id":1606,"fincertId":"FINCERT-2026-001606","incidentId":11061,"idempotencyKey":"incident-11061","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.151457Z","receivedAt":"2026-05-15T20:50:07.166793Z"},{"id":1605,"fincertId":"FINCERT-2026-001605","incidentId":11058,"idempotencyKey":"incident-11058","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:07.085457Z","receivedAt":"2026-05-15T20:50:07.099485Z"},{"id":1604,"fincertId":"FINCERT-2026-001604","incidentId":11056,"idempotencyKey":"incident-11056","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:07.038753Z","receivedAt":"2026-05-15T20:50:07.050285Z"},{"id":1603,"fincertId":"FINCERT-2026-001603","incidentId":11052,"idempotencyKey":"incident-11052","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:06.946594Z","receivedAt":"2026-05-15T20:50:06.962725Z"},{"id":1602,"fincertId":"FINCERT-2026-001602","incidentId":11046,"idempotencyKey":"incident-11046","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:06.853448Z","receivedAt":"2026-05-15T20:50:06.869835Z"},{"id":1601,"fincertId":"FINCERT-2026-001601","incidentId":11040,"idempotencyKey":"incident-11040","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:06.596925Z","receivedAt":"2026-05-15T20:50:06.633759Z"},{"id":1600,"fincertId":"FINCERT-2026-001600","incidentId":11034,"idempotencyKey":"incident-11034","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:06.441107Z","receivedAt":"2026-05-15T20:50:06.455040Z"},{"id":1599,"fincertId":"FINCERT-2026-001599","incidentId":11033,"idempotencyKey":"incident-11033","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:06.421935Z","receivedAt":"2026-05-15T20:50:06.434543Z"},{"id":1598,"fincertId":"FINCERT-2026-001598","incidentId":11029,"idempotencyKey":"incident-11029","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:06.340814Z","receivedAt":"2026-05-15T20:50:06.355601Z"},{"id":1597,"fincertId":"FINCERT-2026-001597","incidentId":11024,"idempotencyKey":"incident-11024","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:06.220405Z","receivedAt":"2026-05-15T20:50:06.236996Z"},{"id":1596,"fincertId":"FINCERT-2026-001596","incidentId":11022,"idempotencyKey":"incident-11022","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:06.172579Z","receivedAt":"2026-05-15T20:50:06.190764Z"},{"id":1595,"fincertId":"FINCERT-2026-001595","incidentId":11021,"idempotencyKey":"incident-11021","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:06.149632Z","receivedAt":"2026-05-15T20:50:06.165167Z"},{"id":1594,"fincertId":"FINCERT-2026-001594","incidentId":11020,"idempotencyKey":"incident-11020","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:06.118157Z","receivedAt":"2026-05-15T20:50:06.142047Z"},{"id":1593,"fincertId":"FINCERT-2026-001593","incidentId":11016,"idempotencyKey":"incident-11016","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:06.049516Z","receivedAt":"2026-05-15T20:50:06.064961Z"},{"id":1592,"fincertId":"FINCERT-2026-001592","incidentId":11015,"idempotencyKey":"incident-11015","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:06.027566Z","receivedAt":"2026-05-15T20:50:06.041710Z"},{"id":1591,"fincertId":"FINCERT-2026-001591","incidentId":11010,"idempotencyKey":"incident-11010","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:05.912088Z","receivedAt":"2026-05-15T20:50:05.926199Z"},{"id":1590,"fincertId":"FINCERT-2026-001590","incidentId":11006,"idempotencyKey":"incident-11006","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:05.849125Z","receivedAt":"2026-05-15T20:50:05.863365Z"},{"id":1589,"fincertId":"FINCERT-2026-001589","incidentId":11003,"idempotencyKey":"incident-11003","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:05.783855Z","receivedAt":"2026-05-15T20:50:05.797397Z"},{"id":1588,"fincertId":"FINCERT-2026-001588","incidentId":11001,"idempotencyKey":"incident-11001","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:05.742943Z","receivedAt":"2026-05-15T20:50:05.761590Z"},{"id":1587,"fincertId":"FINCERT-2026-001587","incidentId":10999,"idempotencyKey":"incident-10999","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:05.703788Z","receivedAt":"2026-05-15T20:50:05.718707Z"},{"id":1586,"fincertId":"FINCERT-2026-001586","incidentId":10997,"idempotencyKey":"incident-10997","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:05.655485Z","receivedAt":"2026-05-15T20:50:05.671024Z"},{"id":1585,"fincertId":"FINCERT-2026-001585","incidentId":10996,"idempotencyKey":"incident-10996","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:05.627481Z","receivedAt":"2026-05-15T20:50:05.640595Z"},{"id":1584,"fincertId":"FINCERT-2026-001584","incidentId":10992,"idempotencyKey":"incident-10992","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:05.550497Z","receivedAt":"2026-05-15T20:50:05.563337Z"},{"id":1583,"fincertId":"FINCERT-2026-001583","incidentId":10989,"idempotencyKey":"incident-10989","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:05.483806Z","receivedAt":"2026-05-15T20:50:05.513107Z"},{"id":1582,"fincertId":"FINCERT-2026-001582","incidentId":10987,"idempotencyKey":"incident-10987","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:05.432418Z","receivedAt":"2026-05-15T20:50:05.446595Z"},{"id":1581,"fincertId":"FINCERT-2026-001581","incidentId":10985,"idempotencyKey":"incident-10985","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:05.382060Z","receivedAt":"2026-05-15T20:50:05.404949Z"},{"id":1580,"fincertId":"FINCERT-2026-001580","incidentId":10980,"idempotencyKey":"incident-10980","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:05.264145Z","receivedAt":"2026-05-15T20:50:05.276958Z"},{"id":1579,"fincertId":"FINCERT-2026-001579","incidentId":10969,"idempotencyKey":"incident-10969","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:05.072772Z","receivedAt":"2026-05-15T20:50:05.084915Z"},{"id":1578,"fincertId":"FINCERT-2026-001578","incidentId":10967,"idempotencyKey":"incident-10967","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:05.025498Z","receivedAt":"2026-05-15T20:50:05.039969Z"},{"id":1577,"fincertId":"FINCERT-2026-001577","incidentId":10966,"idempotencyKey":"incident-10966","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:05.003155Z","receivedAt":"2026-05-15T20:50:05.019098Z"},{"id":1576,"fincertId":"FINCERT-2026-001576","incidentId":10965,"idempotencyKey":"incident-10965","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:04.978218Z","receivedAt":"2026-05-15T20:50:04.996493Z"},{"id":1575,"fincertId":"FINCERT-2026-001575","incidentId":10958,"idempotencyKey":"incident-10958","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:04.866443Z","receivedAt":"2026-05-15T20:50:04.878582Z"},{"id":1574,"fincertId":"FINCERT-2026-001574","incidentId":10955,"idempotencyKey":"incident-10955","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:04.796696Z","receivedAt":"2026-05-15T20:50:04.812036Z"},{"id":1573,"fincertId":"FINCERT-2026-001573","incidentId":10953,"idempotencyKey":"incident-10953","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:04.766572Z","receivedAt":"2026-05-15T20:50:04.777653Z"},{"id":1572,"fincertId":"FINCERT-2026-001572","incidentId":10952,"idempotencyKey":"incident-10952","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:04.746351Z","receivedAt":"2026-05-15T20:50:04.760039Z"},{"id":1571,"fincertId":"FINCERT-2026-001571","incidentId":10950,"idempotencyKey":"incident-10950","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:04.683099Z","receivedAt":"2026-05-15T20:50:04.708999Z"},{"id":1570,"fincertId":"FINCERT-2026-001570","incidentId":10947,"idempotencyKey":"incident-10947","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:04.567948Z","receivedAt":"2026-05-15T20:50:04.586012Z"},{"id":1569,"fincertId":"FINCERT-2026-001569","incidentId":10942,"idempotencyKey":"incident-10942","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:04.437427Z","receivedAt":"2026-05-15T20:50:04.449981Z"},{"id":1568,"fincertId":"FINCERT-2026-001568","incidentId":10941,"idempotencyKey":"incident-10941","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:04.419693Z","receivedAt":"2026-05-15T20:50:04.430898Z"},{"id":1567,"fincertId":"FINCERT-2026-001567","incidentId":10931,"idempotencyKey":"incident-10931","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:04.240293Z","receivedAt":"2026-05-15T20:50:04.253487Z"},{"id":1566,"fincertId":"FINCERT-2026-001566","incidentId":10925,"idempotencyKey":"incident-10925","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:04.136376Z","receivedAt":"2026-05-15T20:50:04.152947Z"},{"id":1565,"fincertId":"FINCERT-2026-001565","incidentId":10923,"idempotencyKey":"incident-10923","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:04.082077Z","receivedAt":"2026-05-15T20:50:04.095831Z"},{"id":1564,"fincertId":"FINCERT-2026-001564","incidentId":10922,"idempotencyKey":"incident-10922","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:04.059124Z","receivedAt":"2026-05-15T20:50:04.073657Z"},{"id":1563,"fincertId":"FINCERT-2026-001563","incidentId":10919,"idempotencyKey":"incident-10919","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:03.988865Z","receivedAt":"2026-05-15T20:50:04.011241Z"},{"id":1562,"fincertId":"FINCERT-2026-001562","incidentId":10916,"idempotencyKey":"incident-10916","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:03.920225Z","receivedAt":"2026-05-15T20:50:03.932450Z"},{"id":1561,"fincertId":"FINCERT-2026-001561","incidentId":10905,"idempotencyKey":"incident-10905","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:03.727051Z","receivedAt":"2026-05-15T20:50:03.740353Z"},{"id":1560,"fincertId":"FINCERT-2026-001560","incidentId":10904,"idempotencyKey":"incident-10904","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:03.703701Z","receivedAt":"2026-05-15T20:50:03.719039Z"},{"id":1559,"fincertId":"FINCERT-2026-001559","incidentId":10899,"idempotencyKey":"incident-10899","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:03.599203Z","receivedAt":"2026-05-15T20:50:03.616726Z"},{"id":1558,"fincertId":"FINCERT-2026-001558","incidentId":10898,"idempotencyKey":"incident-10898","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:03.572571Z","receivedAt":"2026-05-15T20:50:03.583636Z"},{"id":1557,"fincertId":"FINCERT-2026-001557","incidentId":10893,"idempotencyKey":"incident-10893","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:03.491537Z","receivedAt":"2026-05-15T20:50:03.506813Z"},{"id":1556,"fincertId":"FINCERT-2026-001556","incidentId":10891,"idempotencyKey":"incident-10891","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:03.437978Z","receivedAt":"2026-05-15T20:50:03.449376Z"},{"id":1555,"fincertId":"FINCERT-2026-001555","incidentId":10884,"idempotencyKey":"incident-10884","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:03.315223Z","receivedAt":"2026-05-15T20:50:03.337988Z"},{"id":1554,"fincertId":"FINCERT-2026-001554","incidentId":10879,"idempotencyKey":"incident-10879","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:03.227377Z","receivedAt":"2026-05-15T20:50:03.241857Z"},{"id":1553,"fincertId":"FINCERT-2026-001553","incidentId":10876,"idempotencyKey":"incident-10876","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:03.156226Z","receivedAt":"2026-05-15T20:50:03.175867Z"},{"id":1552,"fincertId":"FINCERT-2026-001552","incidentId":10864,"idempotencyKey":"incident-10864","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:02.886208Z","receivedAt":"2026-05-15T20:50:02.901116Z"},{"id":1551,"fincertId":"FINCERT-2026-001551","incidentId":10863,"idempotencyKey":"incident-10863","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:02.857024Z","receivedAt":"2026-05-15T20:50:02.869953Z"},{"id":1550,"fincertId":"FINCERT-2026-001550","incidentId":10859,"idempotencyKey":"incident-10859","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:02.753472Z","receivedAt":"2026-05-15T20:50:02.766797Z"},{"id":1549,"fincertId":"FINCERT-2026-001549","incidentId":10858,"idempotencyKey":"incident-10858","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:02.725926Z","receivedAt":"2026-05-15T20:50:02.746112Z"},{"id":1548,"fincertId":"FINCERT-2026-001548","incidentId":10850,"idempotencyKey":"incident-10850","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:02.581598Z","receivedAt":"2026-05-15T20:50:02.595580Z"},{"id":1547,"fincertId":"FINCERT-2026-001547","incidentId":10843,"idempotencyKey":"incident-10843","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:02.479810Z","receivedAt":"2026-05-15T20:50:02.493070Z"},{"id":1546,"fincertId":"FINCERT-2026-001546","incidentId":10838,"idempotencyKey":"incident-10838","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:02.388565Z","receivedAt":"2026-05-15T20:50:02.401984Z"},{"id":1545,"fincertId":"FINCERT-2026-001545","incidentId":10826,"idempotencyKey":"incident-10826","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:02.198138Z","receivedAt":"2026-05-15T20:50:02.211024Z"},{"id":1544,"fincertId":"FINCERT-2026-001544","incidentId":10821,"idempotencyKey":"incident-10821","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:02.114451Z","receivedAt":"2026-05-15T20:50:02.134018Z"},{"id":1543,"fincertId":"FINCERT-2026-001543","incidentId":10819,"idempotencyKey":"incident-10819","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:02.067388Z","receivedAt":"2026-05-15T20:50:02.080452Z"},{"id":1542,"fincertId":"FINCERT-2026-001542","incidentId":10811,"idempotencyKey":"incident-10811","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.923923Z","receivedAt":"2026-05-15T20:50:01.935908Z"},{"id":1541,"fincertId":"FINCERT-2026-001541","incidentId":10808,"idempotencyKey":"incident-10808","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:01.876401Z","receivedAt":"2026-05-15T20:50:01.890854Z"},{"id":1540,"fincertId":"FINCERT-2026-001540","incidentId":10807,"idempotencyKey":"incident-10807","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.855535Z","receivedAt":"2026-05-15T20:50:01.868952Z"},{"id":1539,"fincertId":"FINCERT-2026-001539","incidentId":10806,"idempotencyKey":"incident-10806","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:01.830734Z","receivedAt":"2026-05-15T20:50:01.848668Z"},{"id":1538,"fincertId":"FINCERT-2026-001538","incidentId":10805,"idempotencyKey":"incident-10805","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.806496Z","receivedAt":"2026-05-15T20:50:01.821752Z"},{"id":1537,"fincertId":"FINCERT-2026-001537","incidentId":10803,"idempotencyKey":"incident-10803","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:01.768372Z","receivedAt":"2026-05-15T20:50:01.783098Z"},{"id":1536,"fincertId":"FINCERT-2026-001536","incidentId":10802,"idempotencyKey":"incident-10802","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.741728Z","receivedAt":"2026-05-15T20:50:01.757373Z"},{"id":1535,"fincertId":"FINCERT-2026-001535","incidentId":10794,"idempotencyKey":"incident-10794","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:01.558997Z","receivedAt":"2026-05-15T20:50:01.575730Z"},{"id":1534,"fincertId":"FINCERT-2026-001534","incidentId":10790,"idempotencyKey":"incident-10790","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.426496Z","receivedAt":"2026-05-15T20:50:01.437618Z"},{"id":1533,"fincertId":"FINCERT-2026-001533","incidentId":10789,"idempotencyKey":"incident-10789","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:50:01.400834Z","receivedAt":"2026-05-15T20:50:01.412206Z"},{"id":1532,"fincertId":"FINCERT-2026-001532","incidentId":10788,"idempotencyKey":"incident-10788","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.382699Z","receivedAt":"2026-05-15T20:50:01.394100Z"},{"id":1531,"fincertId":"FINCERT-2026-001531","incidentId":10787,"idempotencyKey":"incident-10787","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:01.356839Z","receivedAt":"2026-05-15T20:50:01.367574Z"},{"id":1530,"fincertId":"FINCERT-2026-001530","incidentId":10786,"idempotencyKey":"incident-10786","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:01.338507Z","receivedAt":"2026-05-15T20:50:01.350695Z"},{"id":1529,"fincertId":"FINCERT-2026-001529","incidentId":10780,"idempotencyKey":"incident-10780","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.243121Z","receivedAt":"2026-05-15T20:50:01.253618Z"},{"id":1528,"fincertId":"FINCERT-2026-001528","incidentId":10773,"idempotencyKey":"incident-10773","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.138510Z","receivedAt":"2026-05-15T20:50:01.157654Z"},{"id":1527,"fincertId":"FINCERT-2026-001527","incidentId":10772,"idempotencyKey":"incident-10772","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.097576Z","receivedAt":"2026-05-15T20:50:01.127621Z"},{"id":1526,"fincertId":"FINCERT-2026-001526","incidentId":10771,"idempotencyKey":"incident-10771","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:01.066122Z","receivedAt":"2026-05-15T20:50:01.085633Z"},{"id":1525,"fincertId":"FINCERT-2026-001525","incidentId":10770,"idempotencyKey":"incident-10770","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:01.017142Z","receivedAt":"2026-05-15T20:50:01.043693Z"},{"id":1524,"fincertId":"FINCERT-2026-001524","incidentId":10761,"idempotencyKey":"incident-10761","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:50:00.838794Z","receivedAt":"2026-05-15T20:50:00.860727Z"},{"id":1523,"fincertId":"FINCERT-2026-001523","incidentId":10759,"idempotencyKey":"incident-10759","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:00.784366Z","receivedAt":"2026-05-15T20:50:00.803149Z"},{"id":1522,"fincertId":"FINCERT-2026-001522","incidentId":10758,"idempotencyKey":"incident-10758","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:00.756625Z","receivedAt":"2026-05-15T20:50:00.774677Z"},{"id":1521,"fincertId":"FINCERT-2026-001521","incidentId":10757,"idempotencyKey":"incident-10757","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:00.735584Z","receivedAt":"2026-05-15T20:50:00.748847Z"},{"id":1520,"fincertId":"FINCERT-2026-001520","incidentId":10755,"idempotencyKey":"incident-10755","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:00.699Z","receivedAt":"2026-05-15T20:50:00.711767Z"},{"id":1519,"fincertId":"FINCERT-2026-001519","incidentId":10754,"idempotencyKey":"incident-10754","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:50:00.676714Z","receivedAt":"2026-05-15T20:50:00.690809Z"},{"id":1518,"fincertId":"FINCERT-2026-001518","incidentId":10749,"idempotencyKey":"incident-10749","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:00.584003Z","receivedAt":"2026-05-15T20:50:00.596610Z"},{"id":1517,"fincertId":"FINCERT-2026-001517","incidentId":10748,"idempotencyKey":"incident-10748","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:00.563510Z","receivedAt":"2026-05-15T20:50:00.576832Z"},{"id":1516,"fincertId":"FINCERT-2026-001516","incidentId":10747,"idempotencyKey":"incident-10747","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:00.540322Z","receivedAt":"2026-05-15T20:50:00.555834Z"},{"id":1515,"fincertId":"FINCERT-2026-001515","incidentId":10742,"idempotencyKey":"incident-10742","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:00.418812Z","receivedAt":"2026-05-15T20:50:00.432131Z"},{"id":1514,"fincertId":"FINCERT-2026-001514","incidentId":10741,"idempotencyKey":"incident-10741","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:00.397556Z","receivedAt":"2026-05-15T20:50:00.411095Z"},{"id":1513,"fincertId":"FINCERT-2026-001513","incidentId":10740,"idempotencyKey":"incident-10740","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:00.376008Z","receivedAt":"2026-05-15T20:50:00.390372Z"},{"id":1512,"fincertId":"FINCERT-2026-001512","incidentId":10733,"idempotencyKey":"incident-10733","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:00.245740Z","receivedAt":"2026-05-15T20:50:00.264606Z"},{"id":1511,"fincertId":"FINCERT-2026-001511","incidentId":10732,"idempotencyKey":"incident-10732","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:50:00.202646Z","receivedAt":"2026-05-15T20:50:00.231426Z"},{"id":1510,"fincertId":"FINCERT-2026-001510","incidentId":10727,"idempotencyKey":"incident-10727","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:50:00.077590Z","receivedAt":"2026-05-15T20:50:00.088773Z"},{"id":1509,"fincertId":"FINCERT-2026-001509","incidentId":10724,"idempotencyKey":"incident-10724","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:50:00.020120Z","receivedAt":"2026-05-15T20:50:00.038763Z"},{"id":1508,"fincertId":"FINCERT-2026-001508","incidentId":10717,"idempotencyKey":"incident-10717","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:59.884381Z","receivedAt":"2026-05-15T20:49:59.896696Z"},{"id":1507,"fincertId":"FINCERT-2026-001507","incidentId":10715,"idempotencyKey":"incident-10715","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:59.849070Z","receivedAt":"2026-05-15T20:49:59.862612Z"},{"id":1506,"fincertId":"FINCERT-2026-001506","incidentId":10714,"idempotencyKey":"incident-10714","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:59.807719Z","receivedAt":"2026-05-15T20:49:59.839001Z"},{"id":1505,"fincertId":"FINCERT-2026-001505","incidentId":10711,"idempotencyKey":"incident-10711","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:59.741796Z","receivedAt":"2026-05-15T20:49:59.754118Z"},{"id":1504,"fincertId":"FINCERT-2026-001504","incidentId":10707,"idempotencyKey":"incident-10707","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:59.675156Z","receivedAt":"2026-05-15T20:49:59.688827Z"},{"id":1503,"fincertId":"FINCERT-2026-001503","incidentId":10702,"idempotencyKey":"incident-10702","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:59.583294Z","receivedAt":"2026-05-15T20:49:59.595109Z"},{"id":1502,"fincertId":"FINCERT-2026-001502","incidentId":10699,"idempotencyKey":"incident-10699","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:59.526960Z","receivedAt":"2026-05-15T20:49:59.541511Z"},{"id":1501,"fincertId":"FINCERT-2026-001501","incidentId":10696,"idempotencyKey":"incident-10696","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:59.457426Z","receivedAt":"2026-05-15T20:49:59.482002Z"},{"id":1500,"fincertId":"FINCERT-2026-001500","incidentId":10694,"idempotencyKey":"incident-10694","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:59.392091Z","receivedAt":"2026-05-15T20:49:59.407192Z"},{"id":1499,"fincertId":"FINCERT-2026-001499","incidentId":10691,"idempotencyKey":"incident-10691","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:59.335696Z","receivedAt":"2026-05-15T20:49:59.352425Z"},{"id":1498,"fincertId":"FINCERT-2026-001498","incidentId":10687,"idempotencyKey":"incident-10687","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:59.256865Z","receivedAt":"2026-05-15T20:49:59.269438Z"},{"id":1497,"fincertId":"FINCERT-2026-001497","incidentId":10686,"idempotencyKey":"incident-10686","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:59.226280Z","receivedAt":"2026-05-15T20:49:59.249394Z"},{"id":1496,"fincertId":"FINCERT-2026-001496","incidentId":10675,"idempotencyKey":"incident-10675","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:58.992654Z","receivedAt":"2026-05-15T20:49:59.009438Z"},{"id":1495,"fincertId":"FINCERT-2026-001495","incidentId":10674,"idempotencyKey":"incident-10674","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:58.950614Z","receivedAt":"2026-05-15T20:49:58.967699Z"},{"id":1494,"fincertId":"FINCERT-2026-001494","incidentId":10672,"idempotencyKey":"incident-10672","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:58.908492Z","receivedAt":"2026-05-15T20:49:58.924212Z"},{"id":1493,"fincertId":"FINCERT-2026-001493","incidentId":10671,"idempotencyKey":"incident-10671","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:58.886576Z","receivedAt":"2026-05-15T20:49:58.900369Z"},{"id":1492,"fincertId":"FINCERT-2026-001492","incidentId":10669,"idempotencyKey":"incident-10669","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:58.847765Z","receivedAt":"2026-05-15T20:49:58.862731Z"},{"id":1491,"fincertId":"FINCERT-2026-001491","incidentId":10667,"idempotencyKey":"incident-10667","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:58.799749Z","receivedAt":"2026-05-15T20:49:58.824703Z"},{"id":1490,"fincertId":"FINCERT-2026-001490","incidentId":10666,"idempotencyKey":"incident-10666","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:58.768824Z","receivedAt":"2026-05-15T20:49:58.782333Z"},{"id":1489,"fincertId":"FINCERT-2026-001489","incidentId":10664,"idempotencyKey":"incident-10664","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:58.719975Z","receivedAt":"2026-05-15T20:49:58.733991Z"},{"id":1488,"fincertId":"FINCERT-2026-001488","incidentId":10657,"idempotencyKey":"incident-10657","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:58.583164Z","receivedAt":"2026-05-15T20:49:58.595981Z"},{"id":1487,"fincertId":"FINCERT-2026-001487","incidentId":10652,"idempotencyKey":"incident-10652","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:58.440567Z","receivedAt":"2026-05-15T20:49:58.461017Z"},{"id":1486,"fincertId":"FINCERT-2026-001486","incidentId":10640,"idempotencyKey":"incident-10640","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:58.225381Z","receivedAt":"2026-05-15T20:49:58.240084Z"},{"id":1485,"fincertId":"FINCERT-2026-001485","incidentId":10639,"idempotencyKey":"incident-10639","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:58.203481Z","receivedAt":"2026-05-15T20:49:58.217889Z"},{"id":1484,"fincertId":"FINCERT-2026-001484","incidentId":10634,"idempotencyKey":"incident-10634","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:58.099657Z","receivedAt":"2026-05-15T20:49:58.126203Z"},{"id":1483,"fincertId":"FINCERT-2026-001483","incidentId":10628,"idempotencyKey":"incident-10628","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:58.011849Z","receivedAt":"2026-05-15T20:49:58.024681Z"},{"id":1482,"fincertId":"FINCERT-2026-001482","incidentId":10622,"idempotencyKey":"incident-10622","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:57.905081Z","receivedAt":"2026-05-15T20:49:57.916964Z"},{"id":1481,"fincertId":"FINCERT-2026-001481","incidentId":10620,"idempotencyKey":"incident-10620","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:57.865703Z","receivedAt":"2026-05-15T20:49:57.877362Z"},{"id":1480,"fincertId":"FINCERT-2026-001480","incidentId":10618,"idempotencyKey":"incident-10618","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:57.800149Z","receivedAt":"2026-05-15T20:49:57.821245Z"},{"id":1479,"fincertId":"FINCERT-2026-001479","incidentId":10615,"idempotencyKey":"incident-10615","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:57.743966Z","receivedAt":"2026-05-15T20:49:57.757855Z"},{"id":1478,"fincertId":"FINCERT-2026-001478","incidentId":10610,"idempotencyKey":"incident-10610","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:57.652426Z","receivedAt":"2026-05-15T20:49:57.669774Z"},{"id":1477,"fincertId":"FINCERT-2026-001477","incidentId":10607,"idempotencyKey":"incident-10607","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:57.568419Z","receivedAt":"2026-05-15T20:49:57.600757Z"},{"id":1476,"fincertId":"FINCERT-2026-001476","incidentId":10603,"idempotencyKey":"incident-10603","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:57.426850Z","receivedAt":"2026-05-15T20:49:57.455596Z"},{"id":1475,"fincertId":"FINCERT-2026-001475","incidentId":10597,"idempotencyKey":"incident-10597","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:57.221590Z","receivedAt":"2026-05-15T20:49:57.237074Z"},{"id":1474,"fincertId":"FINCERT-2026-001474","incidentId":10591,"idempotencyKey":"incident-10591","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:57.095574Z","receivedAt":"2026-05-15T20:49:57.117300Z"},{"id":1473,"fincertId":"FINCERT-2026-001473","incidentId":10589,"idempotencyKey":"incident-10589","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:57.063817Z","receivedAt":"2026-05-15T20:49:57.076296Z"},{"id":1472,"fincertId":"FINCERT-2026-001472","incidentId":10578,"idempotencyKey":"incident-10578","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:56.562451Z","receivedAt":"2026-05-15T20:49:56.581316Z"},{"id":1471,"fincertId":"FINCERT-2026-001471","incidentId":10576,"idempotencyKey":"incident-10576","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:56.495566Z","receivedAt":"2026-05-15T20:49:56.516696Z"},{"id":1470,"fincertId":"FINCERT-2026-001470","incidentId":10575,"idempotencyKey":"incident-10575","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:56.435480Z","receivedAt":"2026-05-15T20:49:56.453659Z"},{"id":1469,"fincertId":"FINCERT-2026-001469","incidentId":10560,"idempotencyKey":"incident-10560","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:56.150780Z","receivedAt":"2026-05-15T20:49:56.166326Z"},{"id":1468,"fincertId":"FINCERT-2026-001468","incidentId":10558,"idempotencyKey":"incident-10558","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:56.092111Z","receivedAt":"2026-05-15T20:49:56.116613Z"},{"id":1467,"fincertId":"FINCERT-2026-001467","incidentId":10551,"idempotencyKey":"incident-10551","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:55.944787Z","receivedAt":"2026-05-15T20:49:55.973439Z"},{"id":1466,"fincertId":"FINCERT-2026-001466","incidentId":10549,"idempotencyKey":"incident-10549","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:55.900129Z","receivedAt":"2026-05-15T20:49:55.914958Z"},{"id":1465,"fincertId":"FINCERT-2026-001465","incidentId":10541,"idempotencyKey":"incident-10541","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:55.692552Z","receivedAt":"2026-05-15T20:49:55.711926Z"},{"id":1464,"fincertId":"FINCERT-2026-001464","incidentId":10535,"idempotencyKey":"incident-10535","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:55.467490Z","receivedAt":"2026-05-15T20:49:55.498539Z"},{"id":1463,"fincertId":"FINCERT-2026-001463","incidentId":10526,"idempotencyKey":"incident-10526","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:55.318130Z","receivedAt":"2026-05-15T20:49:55.337059Z"},{"id":1462,"fincertId":"FINCERT-2026-001462","incidentId":10522,"idempotencyKey":"incident-10522","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:55.251649Z","receivedAt":"2026-05-15T20:49:55.264622Z"},{"id":1461,"fincertId":"FINCERT-2026-001461","incidentId":10521,"idempotencyKey":"incident-10521","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:55.233207Z","receivedAt":"2026-05-15T20:49:55.244476Z"},{"id":1460,"fincertId":"FINCERT-2026-001460","incidentId":10516,"idempotencyKey":"incident-10516","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:55.144441Z","receivedAt":"2026-05-15T20:49:55.158043Z"},{"id":1459,"fincertId":"FINCERT-2026-001459","incidentId":10515,"idempotencyKey":"incident-10515","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:55.099826Z","receivedAt":"2026-05-15T20:49:55.132207Z"},{"id":1458,"fincertId":"FINCERT-2026-001458","incidentId":10514,"idempotencyKey":"incident-10514","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:55.065731Z","receivedAt":"2026-05-15T20:49:55.078322Z"},{"id":1457,"fincertId":"FINCERT-2026-001457","incidentId":10509,"idempotencyKey":"incident-10509","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:54.938563Z","receivedAt":"2026-05-15T20:49:54.951764Z"},{"id":1456,"fincertId":"FINCERT-2026-001456","incidentId":10507,"idempotencyKey":"incident-10507","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:54.884599Z","receivedAt":"2026-05-15T20:49:54.910638Z"},{"id":1455,"fincertId":"FINCERT-2026-001455","incidentId":10504,"idempotencyKey":"incident-10504","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:54.818433Z","receivedAt":"2026-05-15T20:49:54.836980Z"},{"id":1454,"fincertId":"FINCERT-2026-001454","incidentId":10502,"idempotencyKey":"incident-10502","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:54.772927Z","receivedAt":"2026-05-15T20:49:54.785659Z"},{"id":1453,"fincertId":"FINCERT-2026-001453","incidentId":10488,"idempotencyKey":"incident-10488","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:54.428166Z","receivedAt":"2026-05-15T20:49:54.446967Z"},{"id":1452,"fincertId":"FINCERT-2026-001452","incidentId":10487,"idempotencyKey":"incident-10487","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:54.398544Z","receivedAt":"2026-05-15T20:49:54.410029Z"},{"id":1451,"fincertId":"FINCERT-2026-001451","incidentId":10485,"idempotencyKey":"incident-10485","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:54.367487Z","receivedAt":"2026-05-15T20:49:54.377821Z"},{"id":1450,"fincertId":"FINCERT-2026-001450","incidentId":10483,"idempotencyKey":"incident-10483","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:54.309831Z","receivedAt":"2026-05-15T20:49:54.332727Z"},{"id":1449,"fincertId":"FINCERT-2026-001449","incidentId":10481,"idempotencyKey":"incident-10481","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:54.253596Z","receivedAt":"2026-05-15T20:49:54.270930Z"},{"id":1448,"fincertId":"FINCERT-2026-001448","incidentId":10480,"idempotencyKey":"incident-10480","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:54.225697Z","receivedAt":"2026-05-15T20:49:54.241774Z"},{"id":1447,"fincertId":"FINCERT-2026-001447","incidentId":10478,"idempotencyKey":"incident-10478","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:54.175609Z","receivedAt":"2026-05-15T20:49:54.196048Z"},{"id":1446,"fincertId":"FINCERT-2026-001446","incidentId":10477,"idempotencyKey":"incident-10477","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:54.123703Z","receivedAt":"2026-05-15T20:49:54.155150Z"},{"id":1445,"fincertId":"FINCERT-2026-001445","incidentId":10474,"idempotencyKey":"incident-10474","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:54.053841Z","receivedAt":"2026-05-15T20:49:54.072016Z"},{"id":1444,"fincertId":"FINCERT-2026-001444","incidentId":10473,"idempotencyKey":"incident-10473","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:54.001625Z","receivedAt":"2026-05-15T20:49:54.030686Z"},{"id":1443,"fincertId":"FINCERT-2026-001443","incidentId":10469,"idempotencyKey":"incident-10469","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:53.888013Z","receivedAt":"2026-05-15T20:49:53.914479Z"},{"id":1442,"fincertId":"FINCERT-2026-001442","incidentId":10461,"idempotencyKey":"incident-10461","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:53.720725Z","receivedAt":"2026-05-15T20:49:53.735319Z"},{"id":1441,"fincertId":"FINCERT-2026-001441","incidentId":10458,"idempotencyKey":"incident-10458","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:53.651156Z","receivedAt":"2026-05-15T20:49:53.666212Z"},{"id":1440,"fincertId":"FINCERT-2026-001440","incidentId":10439,"idempotencyKey":"incident-10439","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:53.245081Z","receivedAt":"2026-05-15T20:49:53.257655Z"},{"id":1439,"fincertId":"FINCERT-2026-001439","incidentId":10435,"idempotencyKey":"incident-10435","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:53.154560Z","receivedAt":"2026-05-15T20:49:53.178053Z"},{"id":1438,"fincertId":"FINCERT-2026-001438","incidentId":10431,"idempotencyKey":"incident-10431","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:53.066396Z","receivedAt":"2026-05-15T20:49:53.083218Z"},{"id":1437,"fincertId":"FINCERT-2026-001437","incidentId":10430,"idempotencyKey":"incident-10430","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:53.041091Z","receivedAt":"2026-05-15T20:49:53.057617Z"},{"id":1436,"fincertId":"FINCERT-2026-001436","incidentId":10429,"idempotencyKey":"incident-10429","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:53.014507Z","receivedAt":"2026-05-15T20:49:53.032666Z"},{"id":1435,"fincertId":"FINCERT-2026-001435","incidentId":10428,"idempotencyKey":"incident-10428","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:52.948538Z","receivedAt":"2026-05-15T20:49:52.974574Z"},{"id":1434,"fincertId":"FINCERT-2026-001434","incidentId":10427,"idempotencyKey":"incident-10427","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:52.915799Z","receivedAt":"2026-05-15T20:49:52.929901Z"},{"id":1433,"fincertId":"FINCERT-2026-001433","incidentId":10422,"idempotencyKey":"incident-10422","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:52.796566Z","receivedAt":"2026-05-15T20:49:52.828027Z"},{"id":1432,"fincertId":"FINCERT-2026-001432","incidentId":10416,"idempotencyKey":"incident-10416","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:52.608216Z","receivedAt":"2026-05-15T20:49:52.639584Z"},{"id":1431,"fincertId":"FINCERT-2026-001431","incidentId":10409,"idempotencyKey":"incident-10409","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:52.380527Z","receivedAt":"2026-05-15T20:49:52.403063Z"},{"id":1430,"fincertId":"FINCERT-2026-001430","incidentId":10404,"idempotencyKey":"incident-10404","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:52.262807Z","receivedAt":"2026-05-15T20:49:52.276740Z"},{"id":1429,"fincertId":"FINCERT-2026-001429","incidentId":10400,"idempotencyKey":"incident-10400","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:52.156076Z","receivedAt":"2026-05-15T20:49:52.176511Z"},{"id":1428,"fincertId":"FINCERT-2026-001428","incidentId":10399,"idempotencyKey":"incident-10399","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:52.128140Z","receivedAt":"2026-05-15T20:49:52.147402Z"},{"id":1427,"fincertId":"FINCERT-2026-001427","incidentId":10397,"idempotencyKey":"incident-10397","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:52.080768Z","receivedAt":"2026-05-15T20:49:52.098550Z"},{"id":1426,"fincertId":"FINCERT-2026-001426","incidentId":10393,"idempotencyKey":"incident-10393","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:52.001161Z","receivedAt":"2026-05-15T20:49:52.016511Z"},{"id":1425,"fincertId":"FINCERT-2026-001425","incidentId":10390,"idempotencyKey":"incident-10390","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:51.925587Z","receivedAt":"2026-05-15T20:49:51.939894Z"},{"id":1424,"fincertId":"FINCERT-2026-001424","incidentId":10380,"idempotencyKey":"incident-10380","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:51.695536Z","receivedAt":"2026-05-15T20:49:51.724671Z"},{"id":1423,"fincertId":"FINCERT-2026-001423","incidentId":10376,"idempotencyKey":"incident-10376","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:51.551541Z","receivedAt":"2026-05-15T20:49:51.565456Z"},{"id":1422,"fincertId":"FINCERT-2026-001422","incidentId":10370,"idempotencyKey":"incident-10370","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:51.379669Z","receivedAt":"2026-05-15T20:49:51.394985Z"},{"id":1421,"fincertId":"FINCERT-2026-001421","incidentId":10369,"idempotencyKey":"incident-10369","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:51.337856Z","receivedAt":"2026-05-15T20:49:51.365834Z"},{"id":1420,"fincertId":"FINCERT-2026-001420","incidentId":10367,"idempotencyKey":"incident-10367","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:51.275239Z","receivedAt":"2026-05-15T20:49:51.288906Z"},{"id":1419,"fincertId":"FINCERT-2026-001419","incidentId":10366,"idempotencyKey":"incident-10366","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:51.246571Z","receivedAt":"2026-05-15T20:49:51.264542Z"},{"id":1418,"fincertId":"FINCERT-2026-001418","incidentId":10362,"idempotencyKey":"incident-10362","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:51.114016Z","receivedAt":"2026-05-15T20:49:51.142425Z"},{"id":1417,"fincertId":"FINCERT-2026-001417","incidentId":10361,"idempotencyKey":"incident-10361","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:51.086517Z","receivedAt":"2026-05-15T20:49:51.102099Z"},{"id":1416,"fincertId":"FINCERT-2026-001416","incidentId":10358,"idempotencyKey":"incident-10358","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:51.024155Z","receivedAt":"2026-05-15T20:49:51.041714Z"},{"id":1415,"fincertId":"FINCERT-2026-001415","incidentId":10354,"idempotencyKey":"incident-10354","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:50.898803Z","receivedAt":"2026-05-15T20:49:50.915480Z"},{"id":1414,"fincertId":"FINCERT-2026-001414","incidentId":10349,"idempotencyKey":"incident-10349","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:50.782506Z","receivedAt":"2026-05-15T20:49:50.794543Z"},{"id":1413,"fincertId":"FINCERT-2026-001413","incidentId":10344,"idempotencyKey":"incident-10344","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:50.693688Z","receivedAt":"2026-05-15T20:49:50.708878Z"},{"id":1412,"fincertId":"FINCERT-2026-001412","incidentId":10342,"idempotencyKey":"incident-10342","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:50.650518Z","receivedAt":"2026-05-15T20:49:50.668510Z"},{"id":1411,"fincertId":"FINCERT-2026-001411","incidentId":10341,"idempotencyKey":"incident-10341","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:50.603630Z","receivedAt":"2026-05-15T20:49:50.638380Z"},{"id":1410,"fincertId":"FINCERT-2026-001410","incidentId":10337,"idempotencyKey":"incident-10337","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:50.523674Z","receivedAt":"2026-05-15T20:49:50.543967Z"},{"id":1409,"fincertId":"FINCERT-2026-001409","incidentId":10335,"idempotencyKey":"incident-10335","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:50.485779Z","receivedAt":"2026-05-15T20:49:50.500494Z"},{"id":1408,"fincertId":"FINCERT-2026-001408","incidentId":10326,"idempotencyKey":"incident-10326","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:50.263942Z","receivedAt":"2026-05-15T20:49:50.281697Z"},{"id":1407,"fincertId":"FINCERT-2026-001407","incidentId":10318,"idempotencyKey":"incident-10318","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:50.037613Z","receivedAt":"2026-05-15T20:49:50.085317Z"},{"id":1406,"fincertId":"FINCERT-2026-001406","incidentId":10314,"idempotencyKey":"incident-10314","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:49.910558Z","receivedAt":"2026-05-15T20:49:49.929199Z"},{"id":1405,"fincertId":"FINCERT-2026-001405","incidentId":10313,"idempotencyKey":"incident-10313","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:49.883376Z","receivedAt":"2026-05-15T20:49:49.901148Z"},{"id":1404,"fincertId":"FINCERT-2026-001404","incidentId":10312,"idempotencyKey":"incident-10312","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:49.852757Z","receivedAt":"2026-05-15T20:49:49.875423Z"},{"id":1403,"fincertId":"FINCERT-2026-001403","incidentId":10310,"idempotencyKey":"incident-10310","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:49.785564Z","receivedAt":"2026-05-15T20:49:49.799031Z"},{"id":1402,"fincertId":"FINCERT-2026-001402","incidentId":10305,"idempotencyKey":"incident-10305","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:49.696500Z","receivedAt":"2026-05-15T20:49:49.719434Z"},{"id":1401,"fincertId":"FINCERT-2026-001401","incidentId":10302,"idempotencyKey":"incident-10302","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:49.586763Z","receivedAt":"2026-05-15T20:49:49.600663Z"},{"id":1400,"fincertId":"FINCERT-2026-001400","incidentId":10298,"idempotencyKey":"incident-10298","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:49.489561Z","receivedAt":"2026-05-15T20:49:49.504134Z"},{"id":1399,"fincertId":"FINCERT-2026-001399","incidentId":10297,"idempotencyKey":"incident-10297","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:49.458442Z","receivedAt":"2026-05-15T20:49:49.481644Z"},{"id":1398,"fincertId":"FINCERT-2026-001398","incidentId":10294,"idempotencyKey":"incident-10294","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:49.389683Z","receivedAt":"2026-05-15T20:49:49.409845Z"},{"id":1397,"fincertId":"FINCERT-2026-001397","incidentId":10293,"idempotencyKey":"incident-10293","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:49.339214Z","receivedAt":"2026-05-15T20:49:49.377942Z"},{"id":1396,"fincertId":"FINCERT-2026-001396","incidentId":10292,"idempotencyKey":"incident-10292","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:49.291294Z","receivedAt":"2026-05-15T20:49:49.316510Z"},{"id":1395,"fincertId":"FINCERT-2026-001395","incidentId":10291,"idempotencyKey":"incident-10291","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:49.269993Z","receivedAt":"2026-05-15T20:49:49.282856Z"},{"id":1394,"fincertId":"FINCERT-2026-001394","incidentId":10278,"idempotencyKey":"incident-10278","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:49.034504Z","receivedAt":"2026-05-15T20:49:49.047440Z"},{"id":1393,"fincertId":"FINCERT-2026-001393","incidentId":10269,"idempotencyKey":"incident-10269","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:48.828428Z","receivedAt":"2026-05-15T20:49:48.872759Z"},{"id":1392,"fincertId":"FINCERT-2026-001392","incidentId":10266,"idempotencyKey":"incident-10266","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:48.767138Z","receivedAt":"2026-05-15T20:49:48.780773Z"},{"id":1391,"fincertId":"FINCERT-2026-001391","incidentId":10255,"idempotencyKey":"incident-10255","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:48.547979Z","receivedAt":"2026-05-15T20:49:48.563668Z"},{"id":1390,"fincertId":"FINCERT-2026-001390","incidentId":10254,"idempotencyKey":"incident-10254","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:48.524825Z","receivedAt":"2026-05-15T20:49:48.538796Z"},{"id":1389,"fincertId":"FINCERT-2026-001389","incidentId":10251,"idempotencyKey":"incident-10251","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:48.449726Z","receivedAt":"2026-05-15T20:49:48.473666Z"},{"id":1388,"fincertId":"FINCERT-2026-001388","incidentId":10248,"idempotencyKey":"incident-10248","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:48.399094Z","receivedAt":"2026-05-15T20:49:48.414029Z"},{"id":1387,"fincertId":"FINCERT-2026-001387","incidentId":10245,"idempotencyKey":"incident-10245","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:48.347424Z","receivedAt":"2026-05-15T20:49:48.360113Z"},{"id":1386,"fincertId":"FINCERT-2026-001386","incidentId":10237,"idempotencyKey":"incident-10237","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:48.206357Z","receivedAt":"2026-05-15T20:49:48.222102Z"},{"id":1385,"fincertId":"FINCERT-2026-001385","incidentId":10230,"idempotencyKey":"incident-10230","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:47.931447Z","receivedAt":"2026-05-15T20:49:47.944466Z"},{"id":1384,"fincertId":"FINCERT-2026-001384","incidentId":10229,"idempotencyKey":"incident-10229","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:47.897050Z","receivedAt":"2026-05-15T20:49:47.909036Z"},{"id":1383,"fincertId":"FINCERT-2026-001383","incidentId":10226,"idempotencyKey":"incident-10226","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:47.822356Z","receivedAt":"2026-05-15T20:49:47.847098Z"},{"id":1382,"fincertId":"FINCERT-2026-001382","incidentId":10222,"idempotencyKey":"incident-10222","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:47.749515Z","receivedAt":"2026-05-15T20:49:47.764005Z"},{"id":1381,"fincertId":"FINCERT-2026-001381","incidentId":10220,"idempotencyKey":"incident-10220","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:47.705137Z","receivedAt":"2026-05-15T20:49:47.717883Z"},{"id":1380,"fincertId":"FINCERT-2026-001380","incidentId":10219,"idempotencyKey":"incident-10219","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:47.642468Z","receivedAt":"2026-05-15T20:49:47.694075Z"},{"id":1379,"fincertId":"FINCERT-2026-001379","incidentId":10216,"idempotencyKey":"incident-10216","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:47.563580Z","receivedAt":"2026-05-15T20:49:47.581498Z"},{"id":1378,"fincertId":"FINCERT-2026-001378","incidentId":10215,"idempotencyKey":"incident-10215","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:47.523958Z","receivedAt":"2026-05-15T20:49:47.555489Z"},{"id":1377,"fincertId":"FINCERT-2026-001377","incidentId":10210,"idempotencyKey":"incident-10210","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:47.391242Z","receivedAt":"2026-05-15T20:49:47.404299Z"},{"id":1376,"fincertId":"FINCERT-2026-001376","incidentId":10209,"idempotencyKey":"incident-10209","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:47.349617Z","receivedAt":"2026-05-15T20:49:47.382974Z"},{"id":1375,"fincertId":"FINCERT-2026-001375","incidentId":10205,"idempotencyKey":"incident-10205","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:47.250241Z","receivedAt":"2026-05-15T20:49:47.263517Z"},{"id":1374,"fincertId":"FINCERT-2026-001374","incidentId":10203,"idempotencyKey":"incident-10203","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:47.199375Z","receivedAt":"2026-05-15T20:49:47.215760Z"},{"id":1373,"fincertId":"FINCERT-2026-001373","incidentId":10199,"idempotencyKey":"incident-10199","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:47.139303Z","receivedAt":"2026-05-15T20:49:47.151974Z"},{"id":1372,"fincertId":"FINCERT-2026-001372","incidentId":10196,"idempotencyKey":"incident-10196","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:47.088079Z","receivedAt":"2026-05-15T20:49:47.100655Z"},{"id":1371,"fincertId":"FINCERT-2026-001371","incidentId":10195,"idempotencyKey":"incident-10195","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:47.060779Z","receivedAt":"2026-05-15T20:49:47.077899Z"},{"id":1370,"fincertId":"FINCERT-2026-001370","incidentId":10194,"idempotencyKey":"incident-10194","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:47.023110Z","receivedAt":"2026-05-15T20:49:47.051128Z"},{"id":1369,"fincertId":"FINCERT-2026-001369","incidentId":10193,"idempotencyKey":"incident-10193","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:46.961111Z","receivedAt":"2026-05-15T20:49:47.002739Z"},{"id":1368,"fincertId":"FINCERT-2026-001368","incidentId":10191,"idempotencyKey":"incident-10191","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:46.790765Z","receivedAt":"2026-05-15T20:49:46.858424Z"},{"id":1367,"fincertId":"FINCERT-2026-001367","incidentId":10186,"idempotencyKey":"incident-10186","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:46.537518Z","receivedAt":"2026-05-15T20:49:46.553529Z"},{"id":1366,"fincertId":"FINCERT-2026-001366","incidentId":10184,"idempotencyKey":"incident-10184","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:46.449899Z","receivedAt":"2026-05-15T20:49:46.485605Z"},{"id":1365,"fincertId":"FINCERT-2026-001365","incidentId":10175,"idempotencyKey":"incident-10175","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:46.236550Z","receivedAt":"2026-05-15T20:49:46.252980Z"},{"id":1364,"fincertId":"FINCERT-2026-001364","incidentId":10172,"idempotencyKey":"incident-10172","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:46.185929Z","receivedAt":"2026-05-15T20:49:46.200912Z"},{"id":1363,"fincertId":"FINCERT-2026-001363","incidentId":10168,"idempotencyKey":"incident-10168","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:46.074565Z","receivedAt":"2026-05-15T20:49:46.090124Z"},{"id":1362,"fincertId":"FINCERT-2026-001362","incidentId":10164,"idempotencyKey":"incident-10164","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:45.994926Z","receivedAt":"2026-05-15T20:49:46.023497Z"},{"id":1361,"fincertId":"FINCERT-2026-001361","incidentId":10163,"idempotencyKey":"incident-10163","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:45.951639Z","receivedAt":"2026-05-15T20:49:45.979015Z"},{"id":1360,"fincertId":"FINCERT-2026-001360","incidentId":10160,"idempotencyKey":"incident-10160","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:45.809867Z","receivedAt":"2026-05-15T20:49:45.837968Z"},{"id":1359,"fincertId":"FINCERT-2026-001359","incidentId":10156,"idempotencyKey":"incident-10156","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:45.700052Z","receivedAt":"2026-05-15T20:49:45.723219Z"},{"id":1358,"fincertId":"FINCERT-2026-001358","incidentId":10150,"idempotencyKey":"incident-10150","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:45.549966Z","receivedAt":"2026-05-15T20:49:45.565726Z"},{"id":1357,"fincertId":"FINCERT-2026-001357","incidentId":10145,"idempotencyKey":"incident-10145","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:45.432241Z","receivedAt":"2026-05-15T20:49:45.448539Z"},{"id":1356,"fincertId":"FINCERT-2026-001356","incidentId":10144,"idempotencyKey":"incident-10144","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:45.410Z","receivedAt":"2026-05-15T20:49:45.423731Z"},{"id":1355,"fincertId":"FINCERT-2026-001355","incidentId":10142,"idempotencyKey":"incident-10142","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:45.362415Z","receivedAt":"2026-05-15T20:49:45.376521Z"},{"id":1354,"fincertId":"FINCERT-2026-001354","incidentId":10140,"idempotencyKey":"incident-10140","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:45.309515Z","receivedAt":"2026-05-15T20:49:45.335652Z"},{"id":1353,"fincertId":"FINCERT-2026-001353","incidentId":10138,"idempotencyKey":"incident-10138","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:45.253848Z","receivedAt":"2026-05-15T20:49:45.276331Z"},{"id":1352,"fincertId":"FINCERT-2026-001352","incidentId":10135,"idempotencyKey":"incident-10135","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:45.149869Z","receivedAt":"2026-05-15T20:49:45.184924Z"},{"id":1351,"fincertId":"FINCERT-2026-001351","incidentId":10133,"idempotencyKey":"incident-10133","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:45.074095Z","receivedAt":"2026-05-15T20:49:45.095160Z"},{"id":1350,"fincertId":"FINCERT-2026-001350","incidentId":10132,"idempotencyKey":"incident-10132","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:45.049939Z","receivedAt":"2026-05-15T20:49:45.066144Z"},{"id":1349,"fincertId":"FINCERT-2026-001349","incidentId":10128,"idempotencyKey":"incident-10128","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:44.973046Z","receivedAt":"2026-05-15T20:49:44.992090Z"},{"id":1348,"fincertId":"FINCERT-2026-001348","incidentId":10127,"idempotencyKey":"incident-10127","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:44.942979Z","receivedAt":"2026-05-15T20:49:44.962244Z"},{"id":1347,"fincertId":"FINCERT-2026-001347","incidentId":10122,"idempotencyKey":"incident-10122","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:44.821674Z","receivedAt":"2026-05-15T20:49:44.854954Z"},{"id":1346,"fincertId":"FINCERT-2026-001346","incidentId":10107,"idempotencyKey":"incident-10107","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:44.514068Z","receivedAt":"2026-05-15T20:49:44.542401Z"},{"id":1345,"fincertId":"FINCERT-2026-001345","incidentId":10101,"idempotencyKey":"incident-10101","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:44.369508Z","receivedAt":"2026-05-15T20:49:44.390625Z"},{"id":1344,"fincertId":"FINCERT-2026-001344","incidentId":10100,"idempotencyKey":"incident-10100","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:44.311677Z","receivedAt":"2026-05-15T20:49:44.340891Z"},{"id":1343,"fincertId":"FINCERT-2026-001343","incidentId":10097,"idempotencyKey":"incident-10097","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:44.226432Z","receivedAt":"2026-05-15T20:49:44.258539Z"},{"id":1342,"fincertId":"FINCERT-2026-001342","incidentId":10095,"idempotencyKey":"incident-10095","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:44.115941Z","receivedAt":"2026-05-15T20:49:44.153115Z"},{"id":1341,"fincertId":"FINCERT-2026-001341","incidentId":10093,"idempotencyKey":"incident-10093","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:44.049678Z","receivedAt":"2026-05-15T20:49:44.079691Z"},{"id":1340,"fincertId":"FINCERT-2026-001340","incidentId":10089,"idempotencyKey":"incident-10089","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:43.949810Z","receivedAt":"2026-05-15T20:49:43.963870Z"},{"id":1339,"fincertId":"FINCERT-2026-001339","incidentId":10087,"idempotencyKey":"incident-10087","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:43.913530Z","receivedAt":"2026-05-15T20:49:43.926794Z"},{"id":1338,"fincertId":"FINCERT-2026-001338","incidentId":10085,"idempotencyKey":"incident-10085","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:43.854902Z","receivedAt":"2026-05-15T20:49:43.877125Z"},{"id":1337,"fincertId":"FINCERT-2026-001337","incidentId":10082,"idempotencyKey":"incident-10082","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:43.761952Z","receivedAt":"2026-05-15T20:49:43.778743Z"},{"id":1336,"fincertId":"FINCERT-2026-001336","incidentId":10080,"idempotencyKey":"incident-10080","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:43.722779Z","receivedAt":"2026-05-15T20:49:43.735753Z"},{"id":1335,"fincertId":"FINCERT-2026-001335","incidentId":10077,"idempotencyKey":"incident-10077","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:43.663792Z","receivedAt":"2026-05-15T20:49:43.676745Z"},{"id":1334,"fincertId":"FINCERT-2026-001334","incidentId":10069,"idempotencyKey":"incident-10069","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:43.519883Z","receivedAt":"2026-05-15T20:49:43.533986Z"},{"id":1333,"fincertId":"FINCERT-2026-001333","incidentId":10066,"idempotencyKey":"incident-10066","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:43.461129Z","receivedAt":"2026-05-15T20:49:43.479085Z"},{"id":1332,"fincertId":"FINCERT-2026-001332","incidentId":10065,"idempotencyKey":"incident-10065","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:43.420942Z","receivedAt":"2026-05-15T20:49:43.438604Z"},{"id":1331,"fincertId":"FINCERT-2026-001331","incidentId":10063,"idempotencyKey":"incident-10063","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:43.383509Z","receivedAt":"2026-05-15T20:49:43.396770Z"},{"id":1330,"fincertId":"FINCERT-2026-001330","incidentId":10061,"idempotencyKey":"incident-10061","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:43.345581Z","receivedAt":"2026-05-15T20:49:43.361286Z"},{"id":1329,"fincertId":"FINCERT-2026-001329","incidentId":10059,"idempotencyKey":"incident-10059","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:43.259976Z","receivedAt":"2026-05-15T20:49:43.275995Z"},{"id":1328,"fincertId":"FINCERT-2026-001328","incidentId":10051,"idempotencyKey":"incident-10051","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:43.063895Z","receivedAt":"2026-05-15T20:49:43.078880Z"},{"id":1327,"fincertId":"FINCERT-2026-001327","incidentId":10049,"idempotencyKey":"incident-10049","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:42.989149Z","receivedAt":"2026-05-15T20:49:43.014493Z"},{"id":1326,"fincertId":"FINCERT-2026-001326","incidentId":10047,"idempotencyKey":"incident-10047","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:42.919905Z","receivedAt":"2026-05-15T20:49:42.932705Z"},{"id":1325,"fincertId":"FINCERT-2026-001325","incidentId":10044,"idempotencyKey":"incident-10044","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:42.869872Z","receivedAt":"2026-05-15T20:49:42.883523Z"},{"id":1324,"fincertId":"FINCERT-2026-001324","incidentId":10039,"idempotencyKey":"incident-10039","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:42.768696Z","receivedAt":"2026-05-15T20:49:42.784025Z"},{"id":1323,"fincertId":"FINCERT-2026-001323","incidentId":10027,"idempotencyKey":"incident-10027","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:42.570810Z","receivedAt":"2026-05-15T20:49:42.583663Z"},{"id":1322,"fincertId":"FINCERT-2026-001322","incidentId":10024,"idempotencyKey":"incident-10024","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:42.515112Z","receivedAt":"2026-05-15T20:49:42.530796Z"},{"id":1321,"fincertId":"FINCERT-2026-001321","incidentId":10022,"idempotencyKey":"incident-10022","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:42.454602Z","receivedAt":"2026-05-15T20:49:42.478052Z"},{"id":1320,"fincertId":"FINCERT-2026-001320","incidentId":10018,"idempotencyKey":"incident-10018","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:42.381999Z","receivedAt":"2026-05-15T20:49:42.399349Z"},{"id":1319,"fincertId":"FINCERT-2026-001319","incidentId":10013,"idempotencyKey":"incident-10013","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:42.258040Z","receivedAt":"2026-05-15T20:49:42.274712Z"},{"id":1318,"fincertId":"FINCERT-2026-001318","incidentId":10011,"idempotencyKey":"incident-10011","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:42.178987Z","receivedAt":"2026-05-15T20:49:42.194017Z"},{"id":1317,"fincertId":"FINCERT-2026-001317","incidentId":10008,"idempotencyKey":"incident-10008","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:42.124990Z","receivedAt":"2026-05-15T20:49:42.142999Z"},{"id":1316,"fincertId":"FINCERT-2026-001316","incidentId":10007,"idempotencyKey":"incident-10007","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:42.095232Z","receivedAt":"2026-05-15T20:49:42.111301Z"},{"id":1315,"fincertId":"FINCERT-2026-001315","incidentId":9994,"idempotencyKey":"incident-9994","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:41.867108Z","receivedAt":"2026-05-15T20:49:41.879476Z"},{"id":1314,"fincertId":"FINCERT-2026-001314","incidentId":9988,"idempotencyKey":"incident-9988","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:41.742939Z","receivedAt":"2026-05-15T20:49:41.758002Z"},{"id":1313,"fincertId":"FINCERT-2026-001313","incidentId":9982,"idempotencyKey":"incident-9982","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:41.630497Z","receivedAt":"2026-05-15T20:49:41.651412Z"},{"id":1312,"fincertId":"FINCERT-2026-001312","incidentId":9979,"idempotencyKey":"incident-9979","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:41.532144Z","receivedAt":"2026-05-15T20:49:41.557084Z"},{"id":1311,"fincertId":"FINCERT-2026-001311","incidentId":9978,"idempotencyKey":"incident-9978","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:41.479812Z","receivedAt":"2026-05-15T20:49:41.519535Z"},{"id":1310,"fincertId":"FINCERT-2026-001310","incidentId":9973,"idempotencyKey":"incident-9973","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:41.291395Z","receivedAt":"2026-05-15T20:49:41.301906Z"},{"id":1309,"fincertId":"FINCERT-2026-001309","incidentId":9970,"idempotencyKey":"incident-9970","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:41.222862Z","receivedAt":"2026-05-15T20:49:41.244646Z"},{"id":1308,"fincertId":"FINCERT-2026-001308","incidentId":9968,"idempotencyKey":"incident-9968","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:41.171636Z","receivedAt":"2026-05-15T20:49:41.185157Z"},{"id":1307,"fincertId":"FINCERT-2026-001307","incidentId":9967,"idempotencyKey":"incident-9967","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:41.142978Z","receivedAt":"2026-05-15T20:49:41.162671Z"},{"id":1306,"fincertId":"FINCERT-2026-001306","incidentId":9966,"idempotencyKey":"incident-9966","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:41.097697Z","receivedAt":"2026-05-15T20:49:41.123360Z"},{"id":1305,"fincertId":"FINCERT-2026-001305","incidentId":9964,"idempotencyKey":"incident-9964","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:41.027555Z","receivedAt":"2026-05-15T20:49:41.055108Z"},{"id":1304,"fincertId":"FINCERT-2026-001304","incidentId":9963,"idempotencyKey":"incident-9963","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:40.935309Z","receivedAt":"2026-05-15T20:49:40.970454Z"},{"id":1303,"fincertId":"FINCERT-2026-001303","incidentId":9960,"idempotencyKey":"incident-9960","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:40.805325Z","receivedAt":"2026-05-15T20:49:40.850400Z"},{"id":1302,"fincertId":"FINCERT-2026-001302","incidentId":9958,"idempotencyKey":"incident-9958","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:40.731680Z","receivedAt":"2026-05-15T20:49:40.747291Z"},{"id":1301,"fincertId":"FINCERT-2026-001301","incidentId":9957,"idempotencyKey":"incident-9957","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:40.711592Z","receivedAt":"2026-05-15T20:49:40.724142Z"},{"id":1300,"fincertId":"FINCERT-2026-001300","incidentId":9956,"idempotencyKey":"incident-9956","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:40.675503Z","receivedAt":"2026-05-15T20:49:40.691885Z"},{"id":1299,"fincertId":"FINCERT-2026-001299","incidentId":9954,"idempotencyKey":"incident-9954","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:40.604610Z","receivedAt":"2026-05-15T20:49:40.624988Z"},{"id":1298,"fincertId":"FINCERT-2026-001298","incidentId":9953,"idempotencyKey":"incident-9953","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:40.584697Z","receivedAt":"2026-05-15T20:49:40.595933Z"},{"id":1297,"fincertId":"FINCERT-2026-001297","incidentId":9952,"idempotencyKey":"incident-9952","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:40.562641Z","receivedAt":"2026-05-15T20:49:40.576567Z"},{"id":1296,"fincertId":"FINCERT-2026-001296","incidentId":9948,"idempotencyKey":"incident-9948","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:40.496387Z","receivedAt":"2026-05-15T20:49:40.511389Z"},{"id":1295,"fincertId":"FINCERT-2026-001295","incidentId":9946,"idempotencyKey":"incident-9946","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:40.439558Z","receivedAt":"2026-05-15T20:49:40.453193Z"},{"id":1294,"fincertId":"FINCERT-2026-001294","incidentId":9944,"idempotencyKey":"incident-9944","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:40.405098Z","receivedAt":"2026-05-15T20:49:40.416967Z"},{"id":1293,"fincertId":"FINCERT-2026-001293","incidentId":9943,"idempotencyKey":"incident-9943","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:40.349842Z","receivedAt":"2026-05-15T20:49:40.377558Z"},{"id":1292,"fincertId":"FINCERT-2026-001292","incidentId":9942,"idempotencyKey":"incident-9942","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:40.306462Z","receivedAt":"2026-05-15T20:49:40.330713Z"},{"id":1291,"fincertId":"FINCERT-2026-001291","incidentId":9940,"idempotencyKey":"incident-9940","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:40.221449Z","receivedAt":"2026-05-15T20:49:40.239989Z"},{"id":1290,"fincertId":"FINCERT-2026-001290","incidentId":9938,"idempotencyKey":"incident-9938","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:40.153464Z","receivedAt":"2026-05-15T20:49:40.191609Z"},{"id":1289,"fincertId":"FINCERT-2026-001289","incidentId":9935,"idempotencyKey":"incident-9935","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:40.052548Z","receivedAt":"2026-05-15T20:49:40.073074Z"},{"id":1288,"fincertId":"FINCERT-2026-001288","incidentId":9934,"idempotencyKey":"incident-9934","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:40.004395Z","receivedAt":"2026-05-15T20:49:40.032298Z"},{"id":1287,"fincertId":"FINCERT-2026-001287","incidentId":9930,"idempotencyKey":"incident-9930","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:39.854457Z","receivedAt":"2026-05-15T20:49:39.897785Z"},{"id":1286,"fincertId":"FINCERT-2026-001286","incidentId":9928,"idempotencyKey":"incident-9928","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:39.796372Z","receivedAt":"2026-05-15T20:49:39.809734Z"},{"id":1285,"fincertId":"FINCERT-2026-001285","incidentId":9924,"idempotencyKey":"incident-9924","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:39.713415Z","receivedAt":"2026-05-15T20:49:39.730415Z"},{"id":1284,"fincertId":"FINCERT-2026-001284","incidentId":9923,"idempotencyKey":"incident-9923","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:39.688025Z","receivedAt":"2026-05-15T20:49:39.705051Z"},{"id":1283,"fincertId":"FINCERT-2026-001283","incidentId":9919,"idempotencyKey":"incident-9919","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:39.587428Z","receivedAt":"2026-05-15T20:49:39.601165Z"},{"id":1282,"fincertId":"FINCERT-2026-001282","incidentId":9918,"idempotencyKey":"incident-9918","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:39.552355Z","receivedAt":"2026-05-15T20:49:39.568856Z"},{"id":1281,"fincertId":"FINCERT-2026-001281","incidentId":9916,"idempotencyKey":"incident-9916","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:39.506350Z","receivedAt":"2026-05-15T20:49:39.524856Z"},{"id":1280,"fincertId":"FINCERT-2026-001280","incidentId":9911,"idempotencyKey":"incident-9911","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:39.399201Z","receivedAt":"2026-05-15T20:49:39.412946Z"},{"id":1279,"fincertId":"FINCERT-2026-001279","incidentId":9908,"idempotencyKey":"incident-9908","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:39.324907Z","receivedAt":"2026-05-15T20:49:39.351244Z"},{"id":1278,"fincertId":"FINCERT-2026-001278","incidentId":9906,"idempotencyKey":"incident-9906","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:39.281600Z","receivedAt":"2026-05-15T20:49:39.294998Z"},{"id":1277,"fincertId":"FINCERT-2026-001277","incidentId":9899,"idempotencyKey":"incident-9899","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:39.171154Z","receivedAt":"2026-05-15T20:49:39.184817Z"},{"id":1276,"fincertId":"FINCERT-2026-001276","incidentId":9884,"idempotencyKey":"incident-9884","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:38.865399Z","receivedAt":"2026-05-15T20:49:38.900321Z"},{"id":1275,"fincertId":"FINCERT-2026-001275","incidentId":9880,"idempotencyKey":"incident-9880","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:38.754085Z","receivedAt":"2026-05-15T20:49:38.771728Z"},{"id":1274,"fincertId":"FINCERT-2026-001274","incidentId":9865,"idempotencyKey":"incident-9865","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:38.502904Z","receivedAt":"2026-05-15T20:49:38.515675Z"},{"id":1273,"fincertId":"FINCERT-2026-001273","incidentId":9862,"idempotencyKey":"incident-9862","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:38.430475Z","receivedAt":"2026-05-15T20:49:38.442987Z"},{"id":1272,"fincertId":"FINCERT-2026-001272","incidentId":9856,"idempotencyKey":"incident-9856","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:38.344071Z","receivedAt":"2026-05-15T20:49:38.356887Z"},{"id":1271,"fincertId":"FINCERT-2026-001271","incidentId":9855,"idempotencyKey":"incident-9855","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:38.319769Z","receivedAt":"2026-05-15T20:49:38.336075Z"},{"id":1270,"fincertId":"FINCERT-2026-001270","incidentId":9853,"idempotencyKey":"incident-9853","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:38.269467Z","receivedAt":"2026-05-15T20:49:38.283128Z"},{"id":1269,"fincertId":"FINCERT-2026-001269","incidentId":9847,"idempotencyKey":"incident-9847","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:38.153241Z","receivedAt":"2026-05-15T20:49:38.170065Z"},{"id":1268,"fincertId":"FINCERT-2026-001268","incidentId":9846,"idempotencyKey":"incident-9846","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:38.067496Z","receivedAt":"2026-05-15T20:49:38.115423Z"},{"id":1267,"fincertId":"FINCERT-2026-001267","incidentId":9842,"idempotencyKey":"incident-9842","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:37.911917Z","receivedAt":"2026-05-15T20:49:37.936816Z"},{"id":1266,"fincertId":"FINCERT-2026-001266","incidentId":9837,"idempotencyKey":"incident-9837","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:37.771945Z","receivedAt":"2026-05-15T20:49:37.788825Z"},{"id":1265,"fincertId":"FINCERT-2026-001265","incidentId":9834,"idempotencyKey":"incident-9834","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:37.712553Z","receivedAt":"2026-05-15T20:49:37.727894Z"},{"id":1264,"fincertId":"FINCERT-2026-001264","incidentId":9827,"idempotencyKey":"incident-9827","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:37.565601Z","receivedAt":"2026-05-15T20:49:37.583376Z"},{"id":1263,"fincertId":"FINCERT-2026-001263","incidentId":9826,"idempotencyKey":"incident-9826","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:37.541617Z","receivedAt":"2026-05-15T20:49:37.557036Z"},{"id":1262,"fincertId":"FINCERT-2026-001262","incidentId":9824,"idempotencyKey":"incident-9824","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:37.477738Z","receivedAt":"2026-05-15T20:49:37.511018Z"},{"id":1261,"fincertId":"FINCERT-2026-001261","incidentId":9823,"idempotencyKey":"incident-9823","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:37.446098Z","receivedAt":"2026-05-15T20:49:37.460831Z"},{"id":1260,"fincertId":"FINCERT-2026-001260","incidentId":9812,"idempotencyKey":"incident-9812","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:37.176109Z","receivedAt":"2026-05-15T20:49:37.225590Z"},{"id":1259,"fincertId":"FINCERT-2026-001259","incidentId":9805,"idempotencyKey":"incident-9805","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:37.002196Z","receivedAt":"2026-05-15T20:49:37.020360Z"},{"id":1258,"fincertId":"FINCERT-2026-001258","incidentId":9803,"idempotencyKey":"incident-9803","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:36.941780Z","receivedAt":"2026-05-15T20:49:36.959553Z"},{"id":1257,"fincertId":"FINCERT-2026-001257","incidentId":9801,"idempotencyKey":"incident-9801","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:36.907984Z","receivedAt":"2026-05-15T20:49:36.920020Z"},{"id":1256,"fincertId":"FINCERT-2026-001256","incidentId":9799,"idempotencyKey":"incident-9799","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:36.866006Z","receivedAt":"2026-05-15T20:49:36.879875Z"},{"id":1255,"fincertId":"FINCERT-2026-001255","incidentId":9798,"idempotencyKey":"incident-9798","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:36.812360Z","receivedAt":"2026-05-15T20:49:36.841999Z"},{"id":1254,"fincertId":"FINCERT-2026-001254","incidentId":9797,"idempotencyKey":"incident-9797","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:36.785486Z","receivedAt":"2026-05-15T20:49:36.799824Z"},{"id":1253,"fincertId":"FINCERT-2026-001253","incidentId":9792,"idempotencyKey":"incident-9792","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:36.704651Z","receivedAt":"2026-05-15T20:49:36.719196Z"},{"id":1252,"fincertId":"FINCERT-2026-001252","incidentId":9782,"idempotencyKey":"incident-9782","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:36.448215Z","receivedAt":"2026-05-15T20:49:36.472798Z"},{"id":1251,"fincertId":"FINCERT-2026-001251","incidentId":9777,"idempotencyKey":"incident-9777","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:36.371729Z","receivedAt":"2026-05-15T20:49:36.386125Z"},{"id":1250,"fincertId":"FINCERT-2026-001250","incidentId":9774,"idempotencyKey":"incident-9774","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:36.313304Z","receivedAt":"2026-05-15T20:49:36.337519Z"},{"id":1249,"fincertId":"FINCERT-2026-001249","incidentId":9772,"idempotencyKey":"incident-9772","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:36.264279Z","receivedAt":"2026-05-15T20:49:36.276869Z"},{"id":1248,"fincertId":"FINCERT-2026-001248","incidentId":9767,"idempotencyKey":"incident-9767","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:36.098836Z","receivedAt":"2026-05-15T20:49:36.118807Z"},{"id":1247,"fincertId":"FINCERT-2026-001247","incidentId":9761,"idempotencyKey":"incident-9761","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:35.950149Z","receivedAt":"2026-05-15T20:49:35.969862Z"},{"id":1246,"fincertId":"FINCERT-2026-001246","incidentId":9754,"idempotencyKey":"incident-9754","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:35.754859Z","receivedAt":"2026-05-15T20:49:35.774123Z"},{"id":1245,"fincertId":"FINCERT-2026-001245","incidentId":9751,"idempotencyKey":"incident-9751","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:35.663872Z","receivedAt":"2026-05-15T20:49:35.687812Z"},{"id":1244,"fincertId":"FINCERT-2026-001244","incidentId":9750,"idempotencyKey":"incident-9750","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:35.613753Z","receivedAt":"2026-05-15T20:49:35.642600Z"},{"id":1243,"fincertId":"FINCERT-2026-001243","incidentId":9748,"idempotencyKey":"incident-9748","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:35.558413Z","receivedAt":"2026-05-15T20:49:35.582619Z"},{"id":1242,"fincertId":"FINCERT-2026-001242","incidentId":9742,"idempotencyKey":"incident-9742","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:35.405108Z","receivedAt":"2026-05-15T20:49:35.417323Z"},{"id":1241,"fincertId":"FINCERT-2026-001241","incidentId":9738,"idempotencyKey":"incident-9738","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:35.335161Z","receivedAt":"2026-05-15T20:49:35.356991Z"},{"id":1240,"fincertId":"FINCERT-2026-001240","incidentId":9735,"idempotencyKey":"incident-9735","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:35.264922Z","receivedAt":"2026-05-15T20:49:35.279754Z"},{"id":1239,"fincertId":"FINCERT-2026-001239","incidentId":9731,"idempotencyKey":"incident-9731","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:35.169203Z","receivedAt":"2026-05-15T20:49:35.184117Z"},{"id":1238,"fincertId":"FINCERT-2026-001238","incidentId":9717,"idempotencyKey":"incident-9717","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:34.798038Z","receivedAt":"2026-05-15T20:49:34.833323Z"},{"id":1237,"fincertId":"FINCERT-2026-001237","incidentId":9713,"idempotencyKey":"incident-9713","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:34.719548Z","receivedAt":"2026-05-15T20:49:34.737686Z"},{"id":1236,"fincertId":"FINCERT-2026-001236","incidentId":9711,"idempotencyKey":"incident-9711","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:34.657942Z","receivedAt":"2026-05-15T20:49:34.676017Z"},{"id":1235,"fincertId":"FINCERT-2026-001235","incidentId":9706,"idempotencyKey":"incident-9706","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:34.532539Z","receivedAt":"2026-05-15T20:49:34.550434Z"},{"id":1234,"fincertId":"FINCERT-2026-001234","incidentId":9694,"idempotencyKey":"incident-9694","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:34.257609Z","receivedAt":"2026-05-15T20:49:34.282929Z"},{"id":1233,"fincertId":"FINCERT-2026-001233","incidentId":9692,"idempotencyKey":"incident-9692","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:34.199312Z","receivedAt":"2026-05-15T20:49:34.219964Z"},{"id":1232,"fincertId":"FINCERT-2026-001232","incidentId":9689,"idempotencyKey":"incident-9689","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:34.095108Z","receivedAt":"2026-05-15T20:49:34.130069Z"},{"id":1231,"fincertId":"FINCERT-2026-001231","incidentId":9685,"idempotencyKey":"incident-9685","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:33.927636Z","receivedAt":"2026-05-15T20:49:33.948539Z"},{"id":1230,"fincertId":"FINCERT-2026-001230","incidentId":9683,"idempotencyKey":"incident-9683","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:33.848724Z","receivedAt":"2026-05-15T20:49:33.883719Z"},{"id":1229,"fincertId":"FINCERT-2026-001229","incidentId":9675,"idempotencyKey":"incident-9675","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:33.607045Z","receivedAt":"2026-05-15T20:49:33.633761Z"},{"id":1228,"fincertId":"FINCERT-2026-001228","incidentId":9671,"idempotencyKey":"incident-9671","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:33.478549Z","receivedAt":"2026-05-15T20:49:33.508695Z"},{"id":1227,"fincertId":"FINCERT-2026-001227","incidentId":9670,"idempotencyKey":"incident-9670","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:33.439542Z","receivedAt":"2026-05-15T20:49:33.464968Z"},{"id":1226,"fincertId":"FINCERT-2026-001226","incidentId":9660,"idempotencyKey":"incident-9660","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:33.210582Z","receivedAt":"2026-05-15T20:49:33.230025Z"},{"id":1225,"fincertId":"FINCERT-2026-001225","incidentId":9658,"idempotencyKey":"incident-9658","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:33.172801Z","receivedAt":"2026-05-15T20:49:33.186435Z"},{"id":1224,"fincertId":"FINCERT-2026-001224","incidentId":9655,"idempotencyKey":"incident-9655","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:33.091231Z","receivedAt":"2026-05-15T20:49:33.110067Z"},{"id":1223,"fincertId":"FINCERT-2026-001223","incidentId":9654,"idempotencyKey":"incident-9654","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:33.069892Z","receivedAt":"2026-05-15T20:49:33.082745Z"},{"id":1222,"fincertId":"FINCERT-2026-001222","incidentId":9652,"idempotencyKey":"incident-9652","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:33.037023Z","receivedAt":"2026-05-15T20:49:33.049060Z"},{"id":1221,"fincertId":"FINCERT-2026-001221","incidentId":9649,"idempotencyKey":"incident-9649","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:32.972935Z","receivedAt":"2026-05-15T20:49:32.989634Z"},{"id":1220,"fincertId":"FINCERT-2026-001220","incidentId":9648,"idempotencyKey":"incident-9648","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:32.940830Z","receivedAt":"2026-05-15T20:49:32.955805Z"},{"id":1219,"fincertId":"FINCERT-2026-001219","incidentId":9647,"idempotencyKey":"incident-9647","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:32.919968Z","receivedAt":"2026-05-15T20:49:32.933608Z"},{"id":1218,"fincertId":"FINCERT-2026-001218","incidentId":9643,"idempotencyKey":"incident-9643","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:32.838803Z","receivedAt":"2026-05-15T20:49:32.864597Z"},{"id":1217,"fincertId":"FINCERT-2026-001217","incidentId":9642,"idempotencyKey":"incident-9642","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:32.789152Z","receivedAt":"2026-05-15T20:49:32.804079Z"},{"id":1216,"fincertId":"FINCERT-2026-001216","incidentId":9638,"idempotencyKey":"incident-9638","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:32.725341Z","receivedAt":"2026-05-15T20:49:32.737669Z"},{"id":1215,"fincertId":"FINCERT-2026-001215","incidentId":9630,"idempotencyKey":"incident-9630","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:32.573635Z","receivedAt":"2026-05-15T20:49:32.588774Z"},{"id":1214,"fincertId":"FINCERT-2026-001214","incidentId":9629,"idempotencyKey":"incident-9629","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:32.552997Z","receivedAt":"2026-05-15T20:49:32.566806Z"},{"id":1213,"fincertId":"FINCERT-2026-001213","incidentId":9625,"idempotencyKey":"incident-9625","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:32.442340Z","receivedAt":"2026-05-15T20:49:32.457314Z"},{"id":1212,"fincertId":"FINCERT-2026-001212","incidentId":9614,"idempotencyKey":"incident-9614","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:32.233013Z","receivedAt":"2026-05-15T20:49:32.250402Z"},{"id":1211,"fincertId":"FINCERT-2026-001211","incidentId":9606,"idempotencyKey":"incident-9606","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:32.041933Z","receivedAt":"2026-05-15T20:49:32.072742Z"},{"id":1210,"fincertId":"FINCERT-2026-001210","incidentId":9602,"idempotencyKey":"incident-9602","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:31.921351Z","receivedAt":"2026-05-15T20:49:31.934465Z"},{"id":1209,"fincertId":"FINCERT-2026-001209","incidentId":9600,"idempotencyKey":"incident-9600","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:31.789663Z","receivedAt":"2026-05-15T20:49:31.814519Z"},{"id":1208,"fincertId":"FINCERT-2026-001208","incidentId":9597,"idempotencyKey":"incident-9597","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:31.721823Z","receivedAt":"2026-05-15T20:49:31.741080Z"},{"id":1207,"fincertId":"FINCERT-2026-001207","incidentId":9594,"idempotencyKey":"incident-9594","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:31.637859Z","receivedAt":"2026-05-15T20:49:31.662323Z"},{"id":1206,"fincertId":"FINCERT-2026-001206","incidentId":9586,"idempotencyKey":"incident-9586","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:31.437552Z","receivedAt":"2026-05-15T20:49:31.450091Z"},{"id":1205,"fincertId":"FINCERT-2026-001205","incidentId":9585,"idempotencyKey":"incident-9585","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:31.414496Z","receivedAt":"2026-05-15T20:49:31.429668Z"},{"id":1204,"fincertId":"FINCERT-2026-001204","incidentId":9583,"idempotencyKey":"incident-9583","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:31.377692Z","receivedAt":"2026-05-15T20:49:31.390608Z"},{"id":1203,"fincertId":"FINCERT-2026-001203","incidentId":9582,"idempotencyKey":"incident-9582","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:31.354506Z","receivedAt":"2026-05-15T20:49:31.369334Z"},{"id":1202,"fincertId":"FINCERT-2026-001202","incidentId":9577,"idempotencyKey":"incident-9577","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:31.211346Z","receivedAt":"2026-05-15T20:49:31.232454Z"},{"id":1201,"fincertId":"FINCERT-2026-001201","incidentId":9576,"idempotencyKey":"incident-9576","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:31.175142Z","receivedAt":"2026-05-15T20:49:31.196363Z"},{"id":1200,"fincertId":"FINCERT-2026-001200","incidentId":9572,"idempotencyKey":"incident-9572","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:31.078988Z","receivedAt":"2026-05-15T20:49:31.091748Z"},{"id":1199,"fincertId":"FINCERT-2026-001199","incidentId":9571,"idempotencyKey":"incident-9571","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:31.056897Z","receivedAt":"2026-05-15T20:49:31.072225Z"},{"id":1198,"fincertId":"FINCERT-2026-001198","incidentId":9567,"idempotencyKey":"incident-9567","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:30.945692Z","receivedAt":"2026-05-15T20:49:30.971689Z"},{"id":1197,"fincertId":"FINCERT-2026-001197","incidentId":9559,"idempotencyKey":"incident-9559","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:30.789938Z","receivedAt":"2026-05-15T20:49:30.803244Z"},{"id":1196,"fincertId":"FINCERT-2026-001196","incidentId":9557,"idempotencyKey":"incident-9557","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:30.749759Z","receivedAt":"2026-05-15T20:49:30.766839Z"},{"id":1195,"fincertId":"FINCERT-2026-001195","incidentId":9554,"idempotencyKey":"incident-9554","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:30.700766Z","receivedAt":"2026-05-15T20:49:30.714758Z"},{"id":1194,"fincertId":"FINCERT-2026-001194","incidentId":9552,"idempotencyKey":"incident-9552","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:30.662558Z","receivedAt":"2026-05-15T20:49:30.678858Z"},{"id":1193,"fincertId":"FINCERT-2026-001193","incidentId":9551,"idempotencyKey":"incident-9551","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:30.613144Z","receivedAt":"2026-05-15T20:49:30.644537Z"},{"id":1192,"fincertId":"FINCERT-2026-001192","incidentId":9547,"idempotencyKey":"incident-9547","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:30.537503Z","receivedAt":"2026-05-15T20:49:30.554026Z"},{"id":1191,"fincertId":"FINCERT-2026-001191","incidentId":9544,"idempotencyKey":"incident-9544","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:30.448491Z","receivedAt":"2026-05-15T20:49:30.476550Z"},{"id":1190,"fincertId":"FINCERT-2026-001190","incidentId":9538,"idempotencyKey":"incident-9538","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:30.323452Z","receivedAt":"2026-05-15T20:49:30.347920Z"},{"id":1189,"fincertId":"FINCERT-2026-001189","incidentId":9533,"idempotencyKey":"incident-9533","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:30.194017Z","receivedAt":"2026-05-15T20:49:30.213215Z"},{"id":1188,"fincertId":"FINCERT-2026-001188","incidentId":9532,"idempotencyKey":"incident-9532","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:30.134243Z","receivedAt":"2026-05-15T20:49:30.162046Z"},{"id":1187,"fincertId":"FINCERT-2026-001187","incidentId":9531,"idempotencyKey":"incident-9531","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:30.097037Z","receivedAt":"2026-05-15T20:49:30.111457Z"},{"id":1186,"fincertId":"FINCERT-2026-001186","incidentId":9530,"idempotencyKey":"incident-9530","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:30.064758Z","receivedAt":"2026-05-15T20:49:30.078640Z"},{"id":1185,"fincertId":"FINCERT-2026-001185","incidentId":9527,"idempotencyKey":"incident-9527","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:30.009215Z","receivedAt":"2026-05-15T20:49:30.027521Z"},{"id":1184,"fincertId":"FINCERT-2026-001184","incidentId":9523,"idempotencyKey":"incident-9523","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:29.918799Z","receivedAt":"2026-05-15T20:49:29.930955Z"},{"id":1183,"fincertId":"FINCERT-2026-001183","incidentId":9522,"idempotencyKey":"incident-9522","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:29.898870Z","receivedAt":"2026-05-15T20:49:29.911659Z"},{"id":1182,"fincertId":"FINCERT-2026-001182","incidentId":9515,"idempotencyKey":"incident-9515","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:29.775360Z","receivedAt":"2026-05-15T20:49:29.787568Z"},{"id":1181,"fincertId":"FINCERT-2026-001181","incidentId":9512,"idempotencyKey":"incident-9512","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:29.722736Z","receivedAt":"2026-05-15T20:49:29.735703Z"},{"id":1180,"fincertId":"FINCERT-2026-001180","incidentId":9511,"idempotencyKey":"incident-9511","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:29.702611Z","receivedAt":"2026-05-15T20:49:29.715557Z"},{"id":1179,"fincertId":"FINCERT-2026-001179","incidentId":9510,"idempotencyKey":"incident-9510","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:29.680517Z","receivedAt":"2026-05-15T20:49:29.695011Z"},{"id":1178,"fincertId":"FINCERT-2026-001178","incidentId":9508,"idempotencyKey":"incident-9508","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:29.606794Z","receivedAt":"2026-05-15T20:49:29.626329Z"},{"id":1177,"fincertId":"FINCERT-2026-001177","incidentId":9507,"idempotencyKey":"incident-9507","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:29.574385Z","receivedAt":"2026-05-15T20:49:29.588814Z"},{"id":1176,"fincertId":"FINCERT-2026-001176","incidentId":9505,"idempotencyKey":"incident-9505","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:29.538203Z","receivedAt":"2026-05-15T20:49:29.553520Z"},{"id":1175,"fincertId":"FINCERT-2026-001175","incidentId":9497,"idempotencyKey":"incident-9497","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:29.395484Z","receivedAt":"2026-05-15T20:49:29.409538Z"},{"id":1174,"fincertId":"FINCERT-2026-001174","incidentId":9495,"idempotencyKey":"incident-9495","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:29.358849Z","receivedAt":"2026-05-15T20:49:29.372807Z"},{"id":1173,"fincertId":"FINCERT-2026-001173","incidentId":9492,"idempotencyKey":"incident-9492","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:29.285245Z","receivedAt":"2026-05-15T20:49:29.300149Z"},{"id":1172,"fincertId":"FINCERT-2026-001172","incidentId":9489,"idempotencyKey":"incident-9489","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:29.224507Z","receivedAt":"2026-05-15T20:49:29.245238Z"},{"id":1171,"fincertId":"FINCERT-2026-001171","incidentId":9487,"idempotencyKey":"incident-9487","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:29.182578Z","receivedAt":"2026-05-15T20:49:29.198425Z"},{"id":1170,"fincertId":"FINCERT-2026-001170","incidentId":9485,"idempotencyKey":"incident-9485","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:29.116589Z","receivedAt":"2026-05-15T20:49:29.148884Z"},{"id":1169,"fincertId":"FINCERT-2026-001169","incidentId":9484,"idempotencyKey":"incident-9484","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:29.085125Z","receivedAt":"2026-05-15T20:49:29.104670Z"},{"id":1168,"fincertId":"FINCERT-2026-001168","incidentId":9483,"idempotencyKey":"incident-9483","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:29.046962Z","receivedAt":"2026-05-15T20:49:29.063037Z"},{"id":1167,"fincertId":"FINCERT-2026-001167","incidentId":9476,"idempotencyKey":"incident-9476","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:28.883238Z","receivedAt":"2026-05-15T20:49:28.897689Z"},{"id":1166,"fincertId":"FINCERT-2026-001166","incidentId":9472,"idempotencyKey":"incident-9472","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:28.768628Z","receivedAt":"2026-05-15T20:49:28.784108Z"},{"id":1165,"fincertId":"FINCERT-2026-001165","incidentId":9463,"idempotencyKey":"incident-9463","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:28.487788Z","receivedAt":"2026-05-15T20:49:28.509294Z"},{"id":1164,"fincertId":"FINCERT-2026-001164","incidentId":9459,"idempotencyKey":"incident-9459","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:28.401717Z","receivedAt":"2026-05-15T20:49:28.416778Z"},{"id":1163,"fincertId":"FINCERT-2026-001163","incidentId":9455,"idempotencyKey":"incident-9455","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:28.303610Z","receivedAt":"2026-05-15T20:49:28.321615Z"},{"id":1162,"fincertId":"FINCERT-2026-001162","incidentId":9454,"idempotencyKey":"incident-9454","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:28.278839Z","receivedAt":"2026-05-15T20:49:28.295388Z"},{"id":1161,"fincertId":"FINCERT-2026-001161","incidentId":9451,"idempotencyKey":"incident-9451","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:28.167277Z","receivedAt":"2026-05-15T20:49:28.196070Z"},{"id":1160,"fincertId":"FINCERT-2026-001160","incidentId":9447,"idempotencyKey":"incident-9447","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:27.924621Z","receivedAt":"2026-05-15T20:49:27.945337Z"},{"id":1159,"fincertId":"FINCERT-2026-001159","incidentId":9446,"idempotencyKey":"incident-9446","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:27.887747Z","receivedAt":"2026-05-15T20:49:27.910546Z"},{"id":1158,"fincertId":"FINCERT-2026-001158","incidentId":9444,"idempotencyKey":"incident-9444","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:27.835666Z","receivedAt":"2026-05-15T20:49:27.856512Z"},{"id":1157,"fincertId":"FINCERT-2026-001157","incidentId":9442,"idempotencyKey":"incident-9442","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:27.785924Z","receivedAt":"2026-05-15T20:49:27.799946Z"},{"id":1156,"fincertId":"FINCERT-2026-001156","incidentId":9441,"idempotencyKey":"incident-9441","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:27.753663Z","receivedAt":"2026-05-15T20:49:27.769203Z"},{"id":1155,"fincertId":"FINCERT-2026-001155","incidentId":9440,"idempotencyKey":"incident-9440","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:27.733030Z","receivedAt":"2026-05-15T20:49:27.745556Z"},{"id":1154,"fincertId":"FINCERT-2026-001154","incidentId":9439,"idempotencyKey":"incident-9439","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:27.706924Z","receivedAt":"2026-05-15T20:49:27.721997Z"},{"id":1153,"fincertId":"FINCERT-2026-001153","incidentId":9431,"idempotencyKey":"incident-9431","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:27.516627Z","receivedAt":"2026-05-15T20:49:27.538857Z"},{"id":1152,"fincertId":"FINCERT-2026-001152","incidentId":9426,"idempotencyKey":"incident-9426","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:27.379775Z","receivedAt":"2026-05-15T20:49:27.396560Z"},{"id":1151,"fincertId":"FINCERT-2026-001151","incidentId":9423,"idempotencyKey":"incident-9423","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:27.294209Z","receivedAt":"2026-05-15T20:49:27.319450Z"},{"id":1150,"fincertId":"FINCERT-2026-001150","incidentId":9422,"idempotencyKey":"incident-9422","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:27.268231Z","receivedAt":"2026-05-15T20:49:27.281580Z"},{"id":1149,"fincertId":"FINCERT-2026-001149","incidentId":9421,"idempotencyKey":"incident-9421","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:27.241722Z","receivedAt":"2026-05-15T20:49:27.260120Z"},{"id":1148,"fincertId":"FINCERT-2026-001148","incidentId":9419,"idempotencyKey":"incident-9419","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:27.196777Z","receivedAt":"2026-05-15T20:49:27.210216Z"},{"id":1147,"fincertId":"FINCERT-2026-001147","incidentId":9418,"idempotencyKey":"incident-9418","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:27.168789Z","receivedAt":"2026-05-15T20:49:27.183342Z"},{"id":1146,"fincertId":"FINCERT-2026-001146","incidentId":9417,"idempotencyKey":"incident-9417","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:27.121846Z","receivedAt":"2026-05-15T20:49:27.149669Z"},{"id":1145,"fincertId":"FINCERT-2026-001145","incidentId":9415,"idempotencyKey":"incident-9415","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:27.064927Z","receivedAt":"2026-05-15T20:49:27.080078Z"},{"id":1144,"fincertId":"FINCERT-2026-001144","incidentId":9412,"idempotencyKey":"incident-9412","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:26.996106Z","receivedAt":"2026-05-15T20:49:27.013928Z"},{"id":1143,"fincertId":"FINCERT-2026-001143","incidentId":9409,"idempotencyKey":"incident-9409","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:26.899790Z","receivedAt":"2026-05-15T20:49:26.918330Z"},{"id":1142,"fincertId":"FINCERT-2026-001142","incidentId":9408,"idempotencyKey":"incident-9408","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:26.840787Z","receivedAt":"2026-05-15T20:49:26.879008Z"},{"id":1141,"fincertId":"FINCERT-2026-001141","incidentId":9402,"idempotencyKey":"incident-9402","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:26.573008Z","receivedAt":"2026-05-15T20:49:26.606886Z"},{"id":1140,"fincertId":"FINCERT-2026-001140","incidentId":9398,"idempotencyKey":"incident-9398","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:26.471716Z","receivedAt":"2026-05-15T20:49:26.510564Z"},{"id":1139,"fincertId":"FINCERT-2026-001139","incidentId":9393,"idempotencyKey":"incident-9393","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:26.311575Z","receivedAt":"2026-05-15T20:49:26.354894Z"},{"id":1138,"fincertId":"FINCERT-2026-001138","incidentId":9392,"idempotencyKey":"incident-9392","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:26.280214Z","receivedAt":"2026-05-15T20:49:26.295698Z"},{"id":1137,"fincertId":"FINCERT-2026-001137","incidentId":9390,"idempotencyKey":"incident-9390","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:26.231005Z","receivedAt":"2026-05-15T20:49:26.255573Z"},{"id":1136,"fincertId":"FINCERT-2026-001136","incidentId":9381,"idempotencyKey":"incident-9381","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:26.080812Z","receivedAt":"2026-05-15T20:49:26.094481Z"},{"id":1135,"fincertId":"FINCERT-2026-001135","incidentId":9379,"idempotencyKey":"incident-9379","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:26.047208Z","receivedAt":"2026-05-15T20:49:26.059277Z"},{"id":1134,"fincertId":"FINCERT-2026-001134","incidentId":9376,"idempotencyKey":"incident-9376","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:25.989159Z","receivedAt":"2026-05-15T20:49:26.010759Z"},{"id":1133,"fincertId":"FINCERT-2026-001133","incidentId":9375,"idempotencyKey":"incident-9375","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:25.954749Z","receivedAt":"2026-05-15T20:49:25.978982Z"},{"id":1132,"fincertId":"FINCERT-2026-001132","incidentId":9363,"idempotencyKey":"incident-9363","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:25.745570Z","receivedAt":"2026-05-15T20:49:25.759331Z"},{"id":1131,"fincertId":"FINCERT-2026-001131","incidentId":9356,"idempotencyKey":"incident-9356","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:25.640460Z","receivedAt":"2026-05-15T20:49:25.656737Z"},{"id":1130,"fincertId":"FINCERT-2026-001130","incidentId":9348,"idempotencyKey":"incident-9348","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:25.431069Z","receivedAt":"2026-05-15T20:49:25.445022Z"},{"id":1129,"fincertId":"FINCERT-2026-001129","incidentId":9342,"idempotencyKey":"incident-9342","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:25.291871Z","receivedAt":"2026-05-15T20:49:25.314319Z"},{"id":1128,"fincertId":"FINCERT-2026-001128","incidentId":9339,"idempotencyKey":"incident-9339","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:25.232315Z","receivedAt":"2026-05-15T20:49:25.245888Z"},{"id":1127,"fincertId":"FINCERT-2026-001127","incidentId":9338,"idempotencyKey":"incident-9338","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:25.207541Z","receivedAt":"2026-05-15T20:49:25.223146Z"},{"id":1126,"fincertId":"FINCERT-2026-001126","incidentId":9335,"idempotencyKey":"incident-9335","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:25.064785Z","receivedAt":"2026-05-15T20:49:25.093143Z"},{"id":1125,"fincertId":"FINCERT-2026-001125","incidentId":9333,"idempotencyKey":"incident-9333","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:24.942162Z","receivedAt":"2026-05-15T20:49:24.966584Z"},{"id":1124,"fincertId":"FINCERT-2026-001124","incidentId":9331,"idempotencyKey":"incident-9331","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:24.841164Z","receivedAt":"2026-05-15T20:49:24.875731Z"},{"id":1123,"fincertId":"FINCERT-2026-001123","incidentId":9330,"idempotencyKey":"incident-9330","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:24.801718Z","receivedAt":"2026-05-15T20:49:24.827916Z"},{"id":1122,"fincertId":"FINCERT-2026-001122","incidentId":9329,"idempotencyKey":"incident-9329","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:24.741659Z","receivedAt":"2026-05-15T20:49:24.764859Z"},{"id":1121,"fincertId":"FINCERT-2026-001121","incidentId":9326,"idempotencyKey":"incident-9326","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:24.669898Z","receivedAt":"2026-05-15T20:49:24.686295Z"},{"id":1120,"fincertId":"FINCERT-2026-001120","incidentId":9323,"idempotencyKey":"incident-9323","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:24.598053Z","receivedAt":"2026-05-15T20:49:24.612716Z"},{"id":1119,"fincertId":"FINCERT-2026-001119","incidentId":9322,"idempotencyKey":"incident-9322","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:24.573474Z","receivedAt":"2026-05-15T20:49:24.590369Z"},{"id":1118,"fincertId":"FINCERT-2026-001118","incidentId":9314,"idempotencyKey":"incident-9314","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:24.391371Z","receivedAt":"2026-05-15T20:49:24.404276Z"},{"id":1117,"fincertId":"FINCERT-2026-001117","incidentId":9313,"idempotencyKey":"incident-9313","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:24.367294Z","receivedAt":"2026-05-15T20:49:24.384702Z"},{"id":1116,"fincertId":"FINCERT-2026-001116","incidentId":9300,"idempotencyKey":"incident-9300","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:24.121058Z","receivedAt":"2026-05-15T20:49:24.138783Z"},{"id":1115,"fincertId":"FINCERT-2026-001115","incidentId":9299,"idempotencyKey":"incident-9299","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:24.092904Z","receivedAt":"2026-05-15T20:49:24.112237Z"},{"id":1114,"fincertId":"FINCERT-2026-001114","incidentId":9297,"idempotencyKey":"incident-9297","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:24.039838Z","receivedAt":"2026-05-15T20:49:24.054940Z"},{"id":1113,"fincertId":"FINCERT-2026-001113","incidentId":9294,"idempotencyKey":"incident-9294","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:23.955532Z","receivedAt":"2026-05-15T20:49:23.974033Z"},{"id":1112,"fincertId":"FINCERT-2026-001112","incidentId":9293,"idempotencyKey":"incident-9293","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:23.929445Z","receivedAt":"2026-05-15T20:49:23.946503Z"},{"id":1111,"fincertId":"FINCERT-2026-001111","incidentId":9285,"idempotencyKey":"incident-9285","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:23.738275Z","receivedAt":"2026-05-15T20:49:23.766605Z"},{"id":1110,"fincertId":"FINCERT-2026-001110","incidentId":9283,"idempotencyKey":"incident-9283","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:23.697997Z","receivedAt":"2026-05-15T20:49:23.710604Z"},{"id":1109,"fincertId":"FINCERT-2026-001109","incidentId":9277,"idempotencyKey":"incident-9277","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:23.577027Z","receivedAt":"2026-05-15T20:49:23.590631Z"},{"id":1108,"fincertId":"FINCERT-2026-001108","incidentId":9272,"idempotencyKey":"incident-9272","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:23.439623Z","receivedAt":"2026-05-15T20:49:23.453713Z"},{"id":1107,"fincertId":"FINCERT-2026-001107","incidentId":9264,"idempotencyKey":"incident-9264","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:23.247128Z","receivedAt":"2026-05-15T20:49:23.261920Z"},{"id":1106,"fincertId":"FINCERT-2026-001106","incidentId":9262,"idempotencyKey":"incident-9262","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:23.208499Z","receivedAt":"2026-05-15T20:49:23.222524Z"},{"id":1105,"fincertId":"FINCERT-2026-001105","incidentId":9258,"idempotencyKey":"incident-9258","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:23.111934Z","receivedAt":"2026-05-15T20:49:23.136688Z"},{"id":1104,"fincertId":"FINCERT-2026-001104","incidentId":9253,"idempotencyKey":"incident-9253","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:22.953681Z","receivedAt":"2026-05-15T20:49:22.970703Z"},{"id":1103,"fincertId":"FINCERT-2026-001103","incidentId":9252,"idempotencyKey":"incident-9252","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:22.933779Z","receivedAt":"2026-05-15T20:49:22.946762Z"},{"id":1102,"fincertId":"FINCERT-2026-001102","incidentId":9245,"idempotencyKey":"incident-9245","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:22.736403Z","receivedAt":"2026-05-15T20:49:22.749465Z"},{"id":1101,"fincertId":"FINCERT-2026-001101","incidentId":9243,"idempotencyKey":"incident-9243","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:22.702939Z","receivedAt":"2026-05-15T20:49:22.714211Z"},{"id":1100,"fincertId":"FINCERT-2026-001100","incidentId":9234,"idempotencyKey":"incident-9234","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:22.563327Z","receivedAt":"2026-05-15T20:49:22.576982Z"},{"id":1099,"fincertId":"FINCERT-2026-001099","incidentId":9233,"idempotencyKey":"incident-9233","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:22.539397Z","receivedAt":"2026-05-15T20:49:22.554317Z"},{"id":1098,"fincertId":"FINCERT-2026-001098","incidentId":9232,"idempotencyKey":"incident-9232","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:22.488998Z","receivedAt":"2026-05-15T20:49:22.517023Z"},{"id":1097,"fincertId":"FINCERT-2026-001097","incidentId":9216,"idempotencyKey":"incident-9216","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:22.152957Z","receivedAt":"2026-05-15T20:49:22.175745Z"},{"id":1096,"fincertId":"FINCERT-2026-001096","incidentId":9212,"idempotencyKey":"incident-9212","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:22.035660Z","receivedAt":"2026-05-15T20:49:22.052148Z"},{"id":1095,"fincertId":"FINCERT-2026-001095","incidentId":9211,"idempotencyKey":"incident-9211","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:21.967990Z","receivedAt":"2026-05-15T20:49:21.996542Z"},{"id":1094,"fincertId":"FINCERT-2026-001094","incidentId":9210,"idempotencyKey":"incident-9210","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:21.944662Z","receivedAt":"2026-05-15T20:49:21.958787Z"},{"id":1093,"fincertId":"FINCERT-2026-001093","incidentId":9209,"idempotencyKey":"incident-9209","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:21.926411Z","receivedAt":"2026-05-15T20:49:21.937219Z"},{"id":1092,"fincertId":"FINCERT-2026-001092","incidentId":9208,"idempotencyKey":"incident-9208","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:21.897570Z","receivedAt":"2026-05-15T20:49:21.910775Z"},{"id":1091,"fincertId":"FINCERT-2026-001091","incidentId":9207,"idempotencyKey":"incident-9207","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:21.878302Z","receivedAt":"2026-05-15T20:49:21.890387Z"},{"id":1090,"fincertId":"FINCERT-2026-001090","incidentId":9201,"idempotencyKey":"incident-9201","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:21.772647Z","receivedAt":"2026-05-15T20:49:21.783729Z"},{"id":1089,"fincertId":"FINCERT-2026-001089","incidentId":9200,"idempotencyKey":"incident-9200","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:21.752348Z","receivedAt":"2026-05-15T20:49:21.766059Z"},{"id":1088,"fincertId":"FINCERT-2026-001088","incidentId":9198,"idempotencyKey":"incident-9198","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:21.705498Z","receivedAt":"2026-05-15T20:49:21.718604Z"},{"id":1087,"fincertId":"FINCERT-2026-001087","incidentId":9190,"idempotencyKey":"incident-9190","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:21.554781Z","receivedAt":"2026-05-15T20:49:21.573603Z"},{"id":1086,"fincertId":"FINCERT-2026-001086","incidentId":9189,"idempotencyKey":"incident-9189","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:21.520722Z","receivedAt":"2026-05-15T20:49:21.541434Z"},{"id":1085,"fincertId":"FINCERT-2026-001085","incidentId":9181,"idempotencyKey":"incident-9181","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:21.278665Z","receivedAt":"2026-05-15T20:49:21.293Z"},{"id":1084,"fincertId":"FINCERT-2026-001084","incidentId":9180,"idempotencyKey":"incident-9180","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:21.257731Z","receivedAt":"2026-05-15T20:49:21.270624Z"},{"id":1083,"fincertId":"FINCERT-2026-001083","incidentId":9173,"idempotencyKey":"incident-9173","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:21.130478Z","receivedAt":"2026-05-15T20:49:21.143299Z"},{"id":1082,"fincertId":"FINCERT-2026-001082","incidentId":9166,"idempotencyKey":"incident-9166","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:21.007148Z","receivedAt":"2026-05-15T20:49:21.023301Z"},{"id":1081,"fincertId":"FINCERT-2026-001081","incidentId":9156,"idempotencyKey":"incident-9156","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:20.819672Z","receivedAt":"2026-05-15T20:49:20.845621Z"},{"id":1080,"fincertId":"FINCERT-2026-001080","incidentId":9152,"idempotencyKey":"incident-9152","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:20.729862Z","receivedAt":"2026-05-15T20:49:20.749776Z"},{"id":1079,"fincertId":"FINCERT-2026-001079","incidentId":9147,"idempotencyKey":"incident-9147","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:20.596076Z","receivedAt":"2026-05-15T20:49:20.610021Z"},{"id":1078,"fincertId":"FINCERT-2026-001078","incidentId":9146,"idempotencyKey":"incident-9146","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:20.576004Z","receivedAt":"2026-05-15T20:49:20.588232Z"},{"id":1077,"fincertId":"FINCERT-2026-001077","incidentId":9141,"idempotencyKey":"incident-9141","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:20.445896Z","receivedAt":"2026-05-15T20:49:20.461846Z"},{"id":1076,"fincertId":"FINCERT-2026-001076","incidentId":9137,"idempotencyKey":"incident-9137","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:20.374045Z","receivedAt":"2026-05-15T20:49:20.389810Z"},{"id":1075,"fincertId":"FINCERT-2026-001075","incidentId":9132,"idempotencyKey":"incident-9132","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:20.255501Z","receivedAt":"2026-05-15T20:49:20.268132Z"},{"id":1074,"fincertId":"FINCERT-2026-001074","incidentId":9131,"idempotencyKey":"incident-9131","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:20.224456Z","receivedAt":"2026-05-15T20:49:20.238429Z"},{"id":1073,"fincertId":"FINCERT-2026-001073","incidentId":9125,"idempotencyKey":"incident-9125","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:20.082851Z","receivedAt":"2026-05-15T20:49:20.111856Z"},{"id":1072,"fincertId":"FINCERT-2026-001072","incidentId":9122,"idempotencyKey":"incident-9122","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:20.023471Z","receivedAt":"2026-05-15T20:49:20.037657Z"},{"id":1071,"fincertId":"FINCERT-2026-001071","incidentId":9120,"idempotencyKey":"incident-9120","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:19.966148Z","receivedAt":"2026-05-15T20:49:19.992828Z"},{"id":1070,"fincertId":"FINCERT-2026-001070","incidentId":9119,"idempotencyKey":"incident-9119","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:19.938834Z","receivedAt":"2026-05-15T20:49:19.949926Z"},{"id":1069,"fincertId":"FINCERT-2026-001069","incidentId":9117,"idempotencyKey":"incident-9117","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:19.907070Z","receivedAt":"2026-05-15T20:49:19.919148Z"},{"id":1068,"fincertId":"FINCERT-2026-001068","incidentId":9113,"idempotencyKey":"incident-9113","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:19.832583Z","receivedAt":"2026-05-15T20:49:19.851672Z"},{"id":1067,"fincertId":"FINCERT-2026-001067","incidentId":9109,"idempotencyKey":"incident-9109","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:19.756970Z","receivedAt":"2026-05-15T20:49:19.769305Z"},{"id":1066,"fincertId":"FINCERT-2026-001066","incidentId":9106,"idempotencyKey":"incident-9106","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:19.689710Z","receivedAt":"2026-05-15T20:49:19.704585Z"},{"id":1065,"fincertId":"FINCERT-2026-001065","incidentId":9100,"idempotencyKey":"incident-9100","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:19.573443Z","receivedAt":"2026-05-15T20:49:19.587387Z"},{"id":1064,"fincertId":"FINCERT-2026-001064","incidentId":9098,"idempotencyKey":"incident-9098","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:19.494041Z","receivedAt":"2026-05-15T20:49:19.538122Z"},{"id":1063,"fincertId":"FINCERT-2026-001063","incidentId":9090,"idempotencyKey":"incident-9090","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:19.347761Z","receivedAt":"2026-05-15T20:49:19.363412Z"},{"id":1062,"fincertId":"FINCERT-2026-001062","incidentId":9086,"idempotencyKey":"incident-9086","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:19.253707Z","receivedAt":"2026-05-15T20:49:19.268379Z"},{"id":1061,"fincertId":"FINCERT-2026-001061","incidentId":9085,"idempotencyKey":"incident-9085","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:19.232444Z","receivedAt":"2026-05-15T20:49:19.245455Z"},{"id":1060,"fincertId":"FINCERT-2026-001060","incidentId":9081,"idempotencyKey":"incident-9081","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:19.116677Z","receivedAt":"2026-05-15T20:49:19.170567Z"},{"id":1059,"fincertId":"FINCERT-2026-001059","incidentId":9080,"idempotencyKey":"incident-9080","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:19.083600Z","receivedAt":"2026-05-15T20:49:19.102818Z"},{"id":1058,"fincertId":"FINCERT-2026-001058","incidentId":9078,"idempotencyKey":"incident-9078","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:18.988843Z","receivedAt":"2026-05-15T20:49:19.030021Z"},{"id":1057,"fincertId":"FINCERT-2026-001057","incidentId":9077,"idempotencyKey":"incident-9077","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:18.921939Z","receivedAt":"2026-05-15T20:49:18.948380Z"},{"id":1056,"fincertId":"FINCERT-2026-001056","incidentId":9076,"idempotencyKey":"incident-9076","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:18.883743Z","receivedAt":"2026-05-15T20:49:18.906407Z"},{"id":1055,"fincertId":"FINCERT-2026-001055","incidentId":9069,"idempotencyKey":"incident-9069","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:18.743011Z","receivedAt":"2026-05-15T20:49:18.757165Z"},{"id":1054,"fincertId":"FINCERT-2026-001054","incidentId":9062,"idempotencyKey":"incident-9062","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:18.634944Z","receivedAt":"2026-05-15T20:49:18.649959Z"},{"id":1053,"fincertId":"FINCERT-2026-001053","incidentId":9060,"idempotencyKey":"incident-9060","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:18.590219Z","receivedAt":"2026-05-15T20:49:18.603894Z"},{"id":1052,"fincertId":"FINCERT-2026-001052","incidentId":9057,"idempotencyKey":"incident-9057","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:18.539329Z","receivedAt":"2026-05-15T20:49:18.552218Z"},{"id":1051,"fincertId":"FINCERT-2026-001051","incidentId":9056,"idempotencyKey":"incident-9056","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:18.512934Z","receivedAt":"2026-05-15T20:49:18.531862Z"},{"id":1050,"fincertId":"FINCERT-2026-001050","incidentId":9041,"idempotencyKey":"incident-9041","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:18.211485Z","receivedAt":"2026-05-15T20:49:18.233437Z"},{"id":1049,"fincertId":"FINCERT-2026-001049","incidentId":9038,"idempotencyKey":"incident-9038","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:18.144609Z","receivedAt":"2026-05-15T20:49:18.172926Z"},{"id":1048,"fincertId":"FINCERT-2026-001048","incidentId":9036,"idempotencyKey":"incident-9036","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:18.056486Z","receivedAt":"2026-05-15T20:49:18.069403Z"},{"id":1047,"fincertId":"FINCERT-2026-001047","incidentId":9034,"idempotencyKey":"incident-9034","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:18.016118Z","receivedAt":"2026-05-15T20:49:18.030897Z"},{"id":1046,"fincertId":"FINCERT-2026-001046","incidentId":9033,"idempotencyKey":"incident-9033","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:17.987355Z","receivedAt":"2026-05-15T20:49:18.004472Z"},{"id":1045,"fincertId":"FINCERT-2026-001045","incidentId":9032,"idempotencyKey":"incident-9032","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:17.952528Z","receivedAt":"2026-05-15T20:49:17.968893Z"},{"id":1044,"fincertId":"FINCERT-2026-001044","incidentId":9028,"idempotencyKey":"incident-9028","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:17.894918Z","receivedAt":"2026-05-15T20:49:17.908711Z"},{"id":1043,"fincertId":"FINCERT-2026-001043","incidentId":9025,"idempotencyKey":"incident-9025","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:17.829953Z","receivedAt":"2026-05-15T20:49:17.859226Z"},{"id":1042,"fincertId":"FINCERT-2026-001042","incidentId":9020,"idempotencyKey":"incident-9020","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:17.731924Z","receivedAt":"2026-05-15T20:49:17.744770Z"},{"id":1041,"fincertId":"FINCERT-2026-001041","incidentId":9018,"idempotencyKey":"incident-9018","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:17.682877Z","receivedAt":"2026-05-15T20:49:17.698146Z"},{"id":1040,"fincertId":"FINCERT-2026-001040","incidentId":9017,"idempotencyKey":"incident-9017","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:17.632199Z","receivedAt":"2026-05-15T20:49:17.664410Z"},{"id":1039,"fincertId":"FINCERT-2026-001039","incidentId":9012,"idempotencyKey":"incident-9012","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:17.534355Z","receivedAt":"2026-05-15T20:49:17.547102Z"},{"id":1038,"fincertId":"FINCERT-2026-001038","incidentId":9011,"idempotencyKey":"incident-9011","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:17.511838Z","receivedAt":"2026-05-15T20:49:17.526999Z"},{"id":1037,"fincertId":"FINCERT-2026-001037","incidentId":9007,"idempotencyKey":"incident-9007","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:17.408426Z","receivedAt":"2026-05-15T20:49:17.420408Z"},{"id":1036,"fincertId":"FINCERT-2026-001036","incidentId":9004,"idempotencyKey":"incident-9004","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:17.325511Z","receivedAt":"2026-05-15T20:49:17.364622Z"},{"id":1035,"fincertId":"FINCERT-2026-001035","incidentId":9003,"idempotencyKey":"incident-9003","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:17.286462Z","receivedAt":"2026-05-15T20:49:17.301200Z"},{"id":1034,"fincertId":"FINCERT-2026-001034","incidentId":9002,"idempotencyKey":"incident-9002","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:17.262865Z","receivedAt":"2026-05-15T20:49:17.279220Z"},{"id":1033,"fincertId":"FINCERT-2026-001033","incidentId":9000,"idempotencyKey":"incident-9000","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:17.210092Z","receivedAt":"2026-05-15T20:49:17.234031Z"},{"id":1032,"fincertId":"FINCERT-2026-001032","incidentId":8998,"idempotencyKey":"incident-8998","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:17.138819Z","receivedAt":"2026-05-15T20:49:17.161955Z"},{"id":1031,"fincertId":"FINCERT-2026-001031","incidentId":8997,"idempotencyKey":"incident-8997","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:17.100626Z","receivedAt":"2026-05-15T20:49:17.125115Z"},{"id":1030,"fincertId":"FINCERT-2026-001030","incidentId":8994,"idempotencyKey":"incident-8994","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:17.045242Z","receivedAt":"2026-05-15T20:49:17.057342Z"},{"id":1029,"fincertId":"FINCERT-2026-001029","incidentId":8990,"idempotencyKey":"incident-8990","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:16.943538Z","receivedAt":"2026-05-15T20:49:16.958460Z"},{"id":1028,"fincertId":"FINCERT-2026-001028","incidentId":8987,"idempotencyKey":"incident-8987","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:16.894064Z","receivedAt":"2026-05-15T20:49:16.906529Z"},{"id":1027,"fincertId":"FINCERT-2026-001027","incidentId":8984,"idempotencyKey":"incident-8984","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:16.824609Z","receivedAt":"2026-05-15T20:49:16.849887Z"},{"id":1026,"fincertId":"FINCERT-2026-001026","incidentId":8983,"idempotencyKey":"incident-8983","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:16.801707Z","receivedAt":"2026-05-15T20:49:16.815461Z"},{"id":1025,"fincertId":"FINCERT-2026-001025","incidentId":8977,"idempotencyKey":"incident-8977","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:16.606067Z","receivedAt":"2026-05-15T20:49:16.648011Z"},{"id":1024,"fincertId":"FINCERT-2026-001024","incidentId":8973,"idempotencyKey":"incident-8973","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:16.510317Z","receivedAt":"2026-05-15T20:49:16.527468Z"},{"id":1023,"fincertId":"FINCERT-2026-001023","incidentId":8971,"idempotencyKey":"incident-8971","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:16.444913Z","receivedAt":"2026-05-15T20:49:16.461611Z"},{"id":1022,"fincertId":"FINCERT-2026-001022","incidentId":8969,"idempotencyKey":"incident-8969","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:16.399790Z","receivedAt":"2026-05-15T20:49:16.412132Z"},{"id":1021,"fincertId":"FINCERT-2026-001021","incidentId":8967,"idempotencyKey":"incident-8967","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:16.361955Z","receivedAt":"2026-05-15T20:49:16.376840Z"},{"id":1020,"fincertId":"FINCERT-2026-001020","incidentId":8965,"idempotencyKey":"incident-8965","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:16.311915Z","receivedAt":"2026-05-15T20:49:16.337952Z"},{"id":1019,"fincertId":"FINCERT-2026-001019","incidentId":8963,"idempotencyKey":"incident-8963","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:16.276834Z","receivedAt":"2026-05-15T20:49:16.289453Z"},{"id":1018,"fincertId":"FINCERT-2026-001018","incidentId":8958,"idempotencyKey":"incident-8958","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:16.142688Z","receivedAt":"2026-05-15T20:49:16.181882Z"},{"id":1017,"fincertId":"FINCERT-2026-001017","incidentId":8952,"idempotencyKey":"incident-8952","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:16.022067Z","receivedAt":"2026-05-15T20:49:16.038634Z"},{"id":1016,"fincertId":"FINCERT-2026-001016","incidentId":8947,"idempotencyKey":"incident-8947","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:15.923091Z","receivedAt":"2026-05-15T20:49:15.937780Z"},{"id":1015,"fincertId":"FINCERT-2026-001015","incidentId":8944,"idempotencyKey":"incident-8944","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:15.862042Z","receivedAt":"2026-05-15T20:49:15.876848Z"},{"id":1014,"fincertId":"FINCERT-2026-001014","incidentId":8941,"idempotencyKey":"incident-8941","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:15.778362Z","receivedAt":"2026-05-15T20:49:15.790937Z"},{"id":1013,"fincertId":"FINCERT-2026-001013","incidentId":8934,"idempotencyKey":"incident-8934","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:15.666467Z","receivedAt":"2026-05-15T20:49:15.682068Z"},{"id":1012,"fincertId":"FINCERT-2026-001012","incidentId":8930,"idempotencyKey":"incident-8930","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:15.525630Z","receivedAt":"2026-05-15T20:49:15.550924Z"},{"id":1011,"fincertId":"FINCERT-2026-001011","incidentId":8919,"idempotencyKey":"incident-8919","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:15.236498Z","receivedAt":"2026-05-15T20:49:15.260664Z"},{"id":1010,"fincertId":"FINCERT-2026-001010","incidentId":8917,"idempotencyKey":"incident-8917","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:15.071206Z","receivedAt":"2026-05-15T20:49:15.108670Z"},{"id":1009,"fincertId":"FINCERT-2026-001009","incidentId":8915,"idempotencyKey":"incident-8915","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:14.962528Z","receivedAt":"2026-05-15T20:49:14.979116Z"},{"id":1008,"fincertId":"FINCERT-2026-001008","incidentId":8913,"idempotencyKey":"incident-8913","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:14.865670Z","receivedAt":"2026-05-15T20:49:14.885444Z"},{"id":1007,"fincertId":"FINCERT-2026-001007","incidentId":8908,"idempotencyKey":"incident-8908","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:14.739406Z","receivedAt":"2026-05-15T20:49:14.755556Z"},{"id":1006,"fincertId":"FINCERT-2026-001006","incidentId":8903,"idempotencyKey":"incident-8903","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:14.618279Z","receivedAt":"2026-05-15T20:49:14.649457Z"},{"id":1005,"fincertId":"FINCERT-2026-001005","incidentId":8892,"idempotencyKey":"incident-8892","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:14.293875Z","receivedAt":"2026-05-15T20:49:14.322870Z"},{"id":1004,"fincertId":"FINCERT-2026-001004","incidentId":8890,"idempotencyKey":"incident-8890","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:14.203566Z","receivedAt":"2026-05-15T20:49:14.244420Z"},{"id":1003,"fincertId":"FINCERT-2026-001003","incidentId":8888,"idempotencyKey":"incident-8888","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:14.110577Z","receivedAt":"2026-05-15T20:49:14.140755Z"},{"id":1002,"fincertId":"FINCERT-2026-001002","incidentId":8884,"idempotencyKey":"incident-8884","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:13.995981Z","receivedAt":"2026-05-15T20:49:14.016952Z"},{"id":1001,"fincertId":"FINCERT-2026-001001","incidentId":8881,"idempotencyKey":"incident-8881","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:13.932371Z","receivedAt":"2026-05-15T20:49:13.946652Z"},{"id":1000,"fincertId":"FINCERT-2026-001000","incidentId":8879,"idempotencyKey":"incident-8879","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:13.897980Z","receivedAt":"2026-05-15T20:49:13.909733Z"},{"id":999,"fincertId":"FINCERT-2026-000999","incidentId":8877,"idempotencyKey":"incident-8877","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:13.866327Z","receivedAt":"2026-05-15T20:49:13.878547Z"},{"id":998,"fincertId":"FINCERT-2026-000998","incidentId":8870,"idempotencyKey":"incident-8870","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:13.714026Z","receivedAt":"2026-05-15T20:49:13.730772Z"},{"id":997,"fincertId":"FINCERT-2026-000997","incidentId":8868,"idempotencyKey":"incident-8868","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:13.651612Z","receivedAt":"2026-05-15T20:49:13.673924Z"},{"id":996,"fincertId":"FINCERT-2026-000996","incidentId":8867,"idempotencyKey":"incident-8867","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:13.602807Z","receivedAt":"2026-05-15T20:49:13.633714Z"},{"id":995,"fincertId":"FINCERT-2026-000995","incidentId":8865,"idempotencyKey":"incident-8865","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:13.557899Z","receivedAt":"2026-05-15T20:49:13.577653Z"},{"id":994,"fincertId":"FINCERT-2026-000994","incidentId":8864,"idempotencyKey":"incident-8864","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:13.537598Z","receivedAt":"2026-05-15T20:49:13.549629Z"},{"id":993,"fincertId":"FINCERT-2026-000993","incidentId":8862,"idempotencyKey":"incident-8862","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:13.445864Z","receivedAt":"2026-05-15T20:49:13.465158Z"},{"id":992,"fincertId":"FINCERT-2026-000992","incidentId":8861,"idempotencyKey":"incident-8861","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:13.415080Z","receivedAt":"2026-05-15T20:49:13.437744Z"},{"id":991,"fincertId":"FINCERT-2026-000991","incidentId":8860,"idempotencyKey":"incident-8860","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:13.336320Z","receivedAt":"2026-05-15T20:49:13.387773Z"},{"id":990,"fincertId":"FINCERT-2026-000990","incidentId":8859,"idempotencyKey":"incident-8859","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:13.294551Z","receivedAt":"2026-05-15T20:49:13.309410Z"},{"id":989,"fincertId":"FINCERT-2026-000989","incidentId":8856,"idempotencyKey":"incident-8856","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:13.238784Z","receivedAt":"2026-05-15T20:49:13.253600Z"},{"id":988,"fincertId":"FINCERT-2026-000988","incidentId":8855,"idempotencyKey":"incident-8855","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:13.212421Z","receivedAt":"2026-05-15T20:49:13.230601Z"},{"id":987,"fincertId":"FINCERT-2026-000987","incidentId":8848,"idempotencyKey":"incident-8848","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:12.965153Z","receivedAt":"2026-05-15T20:49:13.000742Z"},{"id":986,"fincertId":"FINCERT-2026-000986","incidentId":8846,"idempotencyKey":"incident-8846","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:12.904209Z","receivedAt":"2026-05-15T20:49:12.934499Z"},{"id":985,"fincertId":"FINCERT-2026-000985","incidentId":8844,"idempotencyKey":"incident-8844","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:12.836476Z","receivedAt":"2026-05-15T20:49:12.870322Z"},{"id":984,"fincertId":"FINCERT-2026-000984","incidentId":8841,"idempotencyKey":"incident-8841","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:12.742405Z","receivedAt":"2026-05-15T20:49:12.765446Z"},{"id":983,"fincertId":"FINCERT-2026-000983","incidentId":8836,"idempotencyKey":"incident-8836","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:12.536130Z","receivedAt":"2026-05-15T20:49:12.570476Z"},{"id":982,"fincertId":"FINCERT-2026-000982","incidentId":8832,"idempotencyKey":"incident-8832","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:12.409002Z","receivedAt":"2026-05-15T20:49:12.435816Z"},{"id":981,"fincertId":"FINCERT-2026-000981","incidentId":8830,"idempotencyKey":"incident-8830","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:12.327660Z","receivedAt":"2026-05-15T20:49:12.359796Z"},{"id":980,"fincertId":"FINCERT-2026-000980","incidentId":8829,"idempotencyKey":"incident-8829","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:12.286515Z","receivedAt":"2026-05-15T20:49:12.311434Z"},{"id":979,"fincertId":"FINCERT-2026-000979","incidentId":8822,"idempotencyKey":"incident-8822","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:12.060430Z","receivedAt":"2026-05-15T20:49:12.084742Z"},{"id":978,"fincertId":"FINCERT-2026-000978","incidentId":8819,"idempotencyKey":"incident-8819","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:11.940964Z","receivedAt":"2026-05-15T20:49:11.963128Z"},{"id":977,"fincertId":"FINCERT-2026-000977","incidentId":8817,"idempotencyKey":"incident-8817","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:11.881129Z","receivedAt":"2026-05-15T20:49:11.898019Z"},{"id":976,"fincertId":"FINCERT-2026-000976","incidentId":8814,"idempotencyKey":"incident-8814","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:11.800317Z","receivedAt":"2026-05-15T20:49:11.832443Z"},{"id":975,"fincertId":"FINCERT-2026-000975","incidentId":8812,"idempotencyKey":"incident-8812","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:11.738897Z","receivedAt":"2026-05-15T20:49:11.757891Z"},{"id":974,"fincertId":"FINCERT-2026-000974","incidentId":8811,"idempotencyKey":"incident-8811","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:11.658383Z","receivedAt":"2026-05-15T20:49:11.693209Z"},{"id":973,"fincertId":"FINCERT-2026-000973","incidentId":8809,"idempotencyKey":"incident-8809","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:11.565751Z","receivedAt":"2026-05-15T20:49:11.589062Z"},{"id":972,"fincertId":"FINCERT-2026-000972","incidentId":8807,"idempotencyKey":"incident-8807","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:11.474843Z","receivedAt":"2026-05-15T20:49:11.525687Z"},{"id":971,"fincertId":"FINCERT-2026-000971","incidentId":8804,"idempotencyKey":"incident-8804","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:11.392418Z","receivedAt":"2026-05-15T20:49:11.414748Z"},{"id":970,"fincertId":"FINCERT-2026-000970","incidentId":8801,"idempotencyKey":"incident-8801","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:11.254890Z","receivedAt":"2026-05-15T20:49:11.274751Z"},{"id":969,"fincertId":"FINCERT-2026-000969","incidentId":8798,"idempotencyKey":"incident-8798","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:11.140765Z","receivedAt":"2026-05-15T20:49:11.173640Z"},{"id":968,"fincertId":"FINCERT-2026-000968","incidentId":8794,"idempotencyKey":"incident-8794","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:11.008068Z","receivedAt":"2026-05-15T20:49:11.034990Z"},{"id":967,"fincertId":"FINCERT-2026-000967","incidentId":8793,"idempotencyKey":"incident-8793","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:10.946565Z","receivedAt":"2026-05-15T20:49:10.981058Z"},{"id":966,"fincertId":"FINCERT-2026-000966","incidentId":8790,"idempotencyKey":"incident-8790","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:10.867827Z","receivedAt":"2026-05-15T20:49:10.893998Z"},{"id":965,"fincertId":"FINCERT-2026-000965","incidentId":8789,"idempotencyKey":"incident-8789","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:10.824032Z","receivedAt":"2026-05-15T20:49:10.849375Z"},{"id":964,"fincertId":"FINCERT-2026-000964","incidentId":8788,"idempotencyKey":"incident-8788","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:10.775323Z","receivedAt":"2026-05-15T20:49:10.815238Z"},{"id":963,"fincertId":"FINCERT-2026-000963","incidentId":8786,"idempotencyKey":"incident-8786","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:10.715754Z","receivedAt":"2026-05-15T20:49:10.732377Z"},{"id":962,"fincertId":"FINCERT-2026-000962","incidentId":8784,"idempotencyKey":"incident-8784","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:10.649074Z","receivedAt":"2026-05-15T20:49:10.677755Z"},{"id":961,"fincertId":"FINCERT-2026-000961","incidentId":8780,"idempotencyKey":"incident-8780","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:10.523406Z","receivedAt":"2026-05-15T20:49:10.549553Z"},{"id":960,"fincertId":"FINCERT-2026-000960","incidentId":8774,"idempotencyKey":"incident-8774","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:10.367713Z","receivedAt":"2026-05-15T20:49:10.384085Z"},{"id":959,"fincertId":"FINCERT-2026-000959","incidentId":8770,"idempotencyKey":"incident-8770","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:10.233098Z","receivedAt":"2026-05-15T20:49:10.251495Z"},{"id":958,"fincertId":"FINCERT-2026-000958","incidentId":8769,"idempotencyKey":"incident-8769","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:10.206968Z","receivedAt":"2026-05-15T20:49:10.224964Z"},{"id":957,"fincertId":"FINCERT-2026-000957","incidentId":8759,"idempotencyKey":"incident-8759","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:09.967407Z","receivedAt":"2026-05-15T20:49:10.000240Z"},{"id":956,"fincertId":"FINCERT-2026-000956","incidentId":8750,"idempotencyKey":"incident-8750","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:09.609383Z","receivedAt":"2026-05-15T20:49:09.635664Z"},{"id":955,"fincertId":"FINCERT-2026-000955","incidentId":8747,"idempotencyKey":"incident-8747","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:09.531155Z","receivedAt":"2026-05-15T20:49:09.551547Z"},{"id":954,"fincertId":"FINCERT-2026-000954","incidentId":8743,"idempotencyKey":"incident-8743","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:09.432359Z","receivedAt":"2026-05-15T20:49:09.447688Z"},{"id":953,"fincertId":"FINCERT-2026-000953","incidentId":8742,"idempotencyKey":"incident-8742","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:09.392371Z","receivedAt":"2026-05-15T20:49:09.413671Z"},{"id":952,"fincertId":"FINCERT-2026-000952","incidentId":8740,"idempotencyKey":"incident-8740","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:09.288969Z","receivedAt":"2026-05-15T20:49:09.322422Z"},{"id":951,"fincertId":"FINCERT-2026-000951","incidentId":8738,"idempotencyKey":"incident-8738","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:09.236987Z","receivedAt":"2026-05-15T20:49:09.253581Z"},{"id":950,"fincertId":"FINCERT-2026-000950","incidentId":8736,"idempotencyKey":"incident-8736","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:09.158904Z","receivedAt":"2026-05-15T20:49:09.192322Z"},{"id":949,"fincertId":"FINCERT-2026-000949","incidentId":8729,"idempotencyKey":"incident-8729","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:08.954045Z","receivedAt":"2026-05-15T20:49:08.976404Z"},{"id":948,"fincertId":"FINCERT-2026-000948","incidentId":8725,"idempotencyKey":"incident-8725","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:08.885009Z","receivedAt":"2026-05-15T20:49:08.898560Z"},{"id":947,"fincertId":"FINCERT-2026-000947","incidentId":8720,"idempotencyKey":"incident-8720","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:08.783856Z","receivedAt":"2026-05-15T20:49:08.795633Z"},{"id":946,"fincertId":"FINCERT-2026-000946","incidentId":8712,"idempotencyKey":"incident-8712","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:08.643823Z","receivedAt":"2026-05-15T20:49:08.666601Z"},{"id":945,"fincertId":"FINCERT-2026-000945","incidentId":8710,"idempotencyKey":"incident-8710","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:08.593764Z","receivedAt":"2026-05-15T20:49:08.610500Z"},{"id":944,"fincertId":"FINCERT-2026-000944","incidentId":8705,"idempotencyKey":"incident-8705","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:08.448565Z","receivedAt":"2026-05-15T20:49:08.473068Z"},{"id":943,"fincertId":"FINCERT-2026-000943","incidentId":8704,"idempotencyKey":"incident-8704","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:08.421044Z","receivedAt":"2026-05-15T20:49:08.440226Z"},{"id":942,"fincertId":"FINCERT-2026-000942","incidentId":8695,"idempotencyKey":"incident-8695","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:08.225956Z","receivedAt":"2026-05-15T20:49:08.243717Z"},{"id":941,"fincertId":"FINCERT-2026-000941","incidentId":8694,"idempotencyKey":"incident-8694","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:08.197561Z","receivedAt":"2026-05-15T20:49:08.216410Z"},{"id":940,"fincertId":"FINCERT-2026-000940","incidentId":8690,"idempotencyKey":"incident-8690","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:08.098678Z","receivedAt":"2026-05-15T20:49:08.115197Z"},{"id":939,"fincertId":"FINCERT-2026-000939","incidentId":8684,"idempotencyKey":"incident-8684","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:07.978743Z","receivedAt":"2026-05-15T20:49:08.014830Z"},{"id":938,"fincertId":"FINCERT-2026-000938","incidentId":8677,"idempotencyKey":"incident-8677","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:07.857778Z","receivedAt":"2026-05-15T20:49:07.872883Z"},{"id":937,"fincertId":"FINCERT-2026-000937","incidentId":8675,"idempotencyKey":"incident-8675","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:07.790850Z","receivedAt":"2026-05-15T20:49:07.805498Z"},{"id":936,"fincertId":"FINCERT-2026-000936","incidentId":8674,"idempotencyKey":"incident-8674","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:07.769986Z","receivedAt":"2026-05-15T20:49:07.783802Z"},{"id":935,"fincertId":"FINCERT-2026-000935","incidentId":8673,"idempotencyKey":"incident-8673","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:07.749530Z","receivedAt":"2026-05-15T20:49:07.762758Z"},{"id":934,"fincertId":"FINCERT-2026-000934","incidentId":8672,"idempotencyKey":"incident-8672","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:07.724574Z","receivedAt":"2026-05-15T20:49:07.741004Z"},{"id":933,"fincertId":"FINCERT-2026-000933","incidentId":8669,"idempotencyKey":"incident-8669","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:07.658511Z","receivedAt":"2026-05-15T20:49:07.675487Z"},{"id":932,"fincertId":"FINCERT-2026-000932","incidentId":8667,"idempotencyKey":"incident-8667","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:07.587007Z","receivedAt":"2026-05-15T20:49:07.607662Z"},{"id":931,"fincertId":"FINCERT-2026-000931","incidentId":8665,"idempotencyKey":"incident-8665","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:07.521348Z","receivedAt":"2026-05-15T20:49:07.553644Z"},{"id":930,"fincertId":"FINCERT-2026-000930","incidentId":8664,"idempotencyKey":"incident-8664","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:07.469467Z","receivedAt":"2026-05-15T20:49:07.499133Z"},{"id":929,"fincertId":"FINCERT-2026-000929","incidentId":8661,"idempotencyKey":"incident-8661","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:07.406609Z","receivedAt":"2026-05-15T20:49:07.424708Z"},{"id":928,"fincertId":"FINCERT-2026-000928","incidentId":8653,"idempotencyKey":"incident-8653","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:07.222433Z","receivedAt":"2026-05-15T20:49:07.238443Z"},{"id":927,"fincertId":"FINCERT-2026-000927","incidentId":8651,"idempotencyKey":"incident-8651","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:07.170634Z","receivedAt":"2026-05-15T20:49:07.184448Z"},{"id":926,"fincertId":"FINCERT-2026-000926","incidentId":8648,"idempotencyKey":"incident-8648","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:07.096940Z","receivedAt":"2026-05-15T20:49:07.113237Z"},{"id":925,"fincertId":"FINCERT-2026-000925","incidentId":8647,"idempotencyKey":"incident-8647","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:07.076327Z","receivedAt":"2026-05-15T20:49:07.089937Z"},{"id":924,"fincertId":"FINCERT-2026-000924","incidentId":8646,"idempotencyKey":"incident-8646","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:07.043504Z","receivedAt":"2026-05-15T20:49:07.057705Z"},{"id":923,"fincertId":"FINCERT-2026-000923","incidentId":8644,"idempotencyKey":"incident-8644","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:06.993109Z","receivedAt":"2026-05-15T20:49:07.020903Z"},{"id":922,"fincertId":"FINCERT-2026-000922","incidentId":8643,"idempotencyKey":"incident-8643","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:06.960726Z","receivedAt":"2026-05-15T20:49:06.980989Z"},{"id":921,"fincertId":"FINCERT-2026-000921","incidentId":8639,"idempotencyKey":"incident-8639","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:06.886402Z","receivedAt":"2026-05-15T20:49:06.902747Z"},{"id":920,"fincertId":"FINCERT-2026-000920","incidentId":8638,"idempotencyKey":"incident-8638","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:06.847545Z","receivedAt":"2026-05-15T20:49:06.878859Z"},{"id":919,"fincertId":"FINCERT-2026-000919","incidentId":8636,"idempotencyKey":"incident-8636","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:06.765702Z","receivedAt":"2026-05-15T20:49:06.779683Z"},{"id":918,"fincertId":"FINCERT-2026-000918","incidentId":8635,"idempotencyKey":"incident-8635","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:06.739150Z","receivedAt":"2026-05-15T20:49:06.756964Z"},{"id":917,"fincertId":"FINCERT-2026-000917","incidentId":8634,"idempotencyKey":"incident-8634","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:06.715244Z","receivedAt":"2026-05-15T20:49:06.730354Z"},{"id":916,"fincertId":"FINCERT-2026-000916","incidentId":8633,"idempotencyKey":"incident-8633","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:06.679889Z","receivedAt":"2026-05-15T20:49:06.694592Z"},{"id":915,"fincertId":"FINCERT-2026-000915","incidentId":8628,"idempotencyKey":"incident-8628","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:06.575922Z","receivedAt":"2026-05-15T20:49:06.591161Z"},{"id":914,"fincertId":"FINCERT-2026-000914","incidentId":8623,"idempotencyKey":"incident-8623","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:06.454520Z","receivedAt":"2026-05-15T20:49:06.487281Z"},{"id":913,"fincertId":"FINCERT-2026-000913","incidentId":8622,"idempotencyKey":"incident-8622","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:06.433700Z","receivedAt":"2026-05-15T20:49:06.447136Z"},{"id":912,"fincertId":"FINCERT-2026-000912","incidentId":8621,"idempotencyKey":"incident-8621","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:06.412268Z","receivedAt":"2026-05-15T20:49:06.425829Z"},{"id":911,"fincertId":"FINCERT-2026-000911","incidentId":8612,"idempotencyKey":"incident-8612","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:06.207831Z","receivedAt":"2026-05-15T20:49:06.226015Z"},{"id":910,"fincertId":"FINCERT-2026-000910","incidentId":8610,"idempotencyKey":"incident-8610","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:06.134893Z","receivedAt":"2026-05-15T20:49:06.172419Z"},{"id":909,"fincertId":"FINCERT-2026-000909","incidentId":8606,"idempotencyKey":"incident-8606","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:05.978362Z","receivedAt":"2026-05-15T20:49:06.026802Z"},{"id":908,"fincertId":"FINCERT-2026-000908","incidentId":8604,"idempotencyKey":"incident-8604","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:05.924610Z","receivedAt":"2026-05-15T20:49:05.940010Z"},{"id":907,"fincertId":"FINCERT-2026-000907","incidentId":8603,"idempotencyKey":"incident-8603","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:05.895307Z","receivedAt":"2026-05-15T20:49:05.910727Z"},{"id":906,"fincertId":"FINCERT-2026-000906","incidentId":8600,"idempotencyKey":"incident-8600","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:05.841907Z","receivedAt":"2026-05-15T20:49:05.857557Z"},{"id":905,"fincertId":"FINCERT-2026-000905","incidentId":8599,"idempotencyKey":"incident-8599","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:05.813375Z","receivedAt":"2026-05-15T20:49:05.831572Z"},{"id":904,"fincertId":"FINCERT-2026-000904","incidentId":8597,"idempotencyKey":"incident-8597","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:05.764595Z","receivedAt":"2026-05-15T20:49:05.776413Z"},{"id":903,"fincertId":"FINCERT-2026-000903","incidentId":8594,"idempotencyKey":"incident-8594","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:05.715875Z","receivedAt":"2026-05-15T20:49:05.729878Z"},{"id":902,"fincertId":"FINCERT-2026-000902","incidentId":8586,"idempotencyKey":"incident-8586","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:05.567138Z","receivedAt":"2026-05-15T20:49:05.580607Z"},{"id":901,"fincertId":"FINCERT-2026-000901","incidentId":8585,"idempotencyKey":"incident-8585","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:05.548452Z","receivedAt":"2026-05-15T20:49:05.560638Z"},{"id":900,"fincertId":"FINCERT-2026-000900","incidentId":8582,"idempotencyKey":"incident-8582","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:05.503309Z","receivedAt":"2026-05-15T20:49:05.515950Z"},{"id":899,"fincertId":"FINCERT-2026-000899","incidentId":8578,"idempotencyKey":"incident-8578","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:05.384324Z","receivedAt":"2026-05-15T20:49:05.415062Z"},{"id":898,"fincertId":"FINCERT-2026-000898","incidentId":8575,"idempotencyKey":"incident-8575","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:05.307498Z","receivedAt":"2026-05-15T20:49:05.327493Z"},{"id":897,"fincertId":"FINCERT-2026-000897","incidentId":8568,"idempotencyKey":"incident-8568","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:05.190531Z","receivedAt":"2026-05-15T20:49:05.205421Z"},{"id":896,"fincertId":"FINCERT-2026-000896","incidentId":8564,"idempotencyKey":"incident-8564","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:05.077446Z","receivedAt":"2026-05-15T20:49:05.092775Z"},{"id":895,"fincertId":"FINCERT-2026-000895","incidentId":8562,"idempotencyKey":"incident-8562","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:05.030690Z","receivedAt":"2026-05-15T20:49:05.047156Z"},{"id":894,"fincertId":"FINCERT-2026-000894","incidentId":8555,"idempotencyKey":"incident-8555","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:04.894332Z","receivedAt":"2026-05-15T20:49:04.907434Z"},{"id":893,"fincertId":"FINCERT-2026-000893","incidentId":8551,"idempotencyKey":"incident-8551","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:04.822074Z","receivedAt":"2026-05-15T20:49:04.841122Z"},{"id":892,"fincertId":"FINCERT-2026-000892","incidentId":8548,"idempotencyKey":"incident-8548","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:04.758298Z","receivedAt":"2026-05-15T20:49:04.770688Z"},{"id":891,"fincertId":"FINCERT-2026-000891","incidentId":8544,"idempotencyKey":"incident-8544","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:04.675829Z","receivedAt":"2026-05-15T20:49:04.708432Z"},{"id":890,"fincertId":"FINCERT-2026-000890","incidentId":8541,"idempotencyKey":"incident-8541","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:04.526929Z","receivedAt":"2026-05-15T20:49:04.597027Z"},{"id":889,"fincertId":"FINCERT-2026-000889","incidentId":8536,"idempotencyKey":"incident-8536","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:04.379821Z","receivedAt":"2026-05-15T20:49:04.397228Z"},{"id":888,"fincertId":"FINCERT-2026-000888","incidentId":8535,"idempotencyKey":"incident-8535","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:04.318699Z","receivedAt":"2026-05-15T20:49:04.364840Z"},{"id":887,"fincertId":"FINCERT-2026-000887","incidentId":8533,"idempotencyKey":"incident-8533","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:04.275122Z","receivedAt":"2026-05-15T20:49:04.287989Z"},{"id":886,"fincertId":"FINCERT-2026-000886","incidentId":8532,"idempotencyKey":"incident-8532","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:04.251069Z","receivedAt":"2026-05-15T20:49:04.266142Z"},{"id":885,"fincertId":"FINCERT-2026-000885","incidentId":8522,"idempotencyKey":"incident-8522","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:04.093213Z","receivedAt":"2026-05-15T20:49:04.111764Z"},{"id":884,"fincertId":"FINCERT-2026-000884","incidentId":8521,"idempotencyKey":"incident-8521","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:04.045125Z","receivedAt":"2026-05-15T20:49:04.081534Z"},{"id":883,"fincertId":"FINCERT-2026-000883","incidentId":8519,"idempotencyKey":"incident-8519","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:03.973848Z","receivedAt":"2026-05-15T20:49:03.999150Z"},{"id":882,"fincertId":"FINCERT-2026-000882","incidentId":8511,"idempotencyKey":"incident-8511","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:03.727099Z","receivedAt":"2026-05-15T20:49:03.744072Z"},{"id":881,"fincertId":"FINCERT-2026-000881","incidentId":8502,"idempotencyKey":"incident-8502","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:03.545552Z","receivedAt":"2026-05-15T20:49:03.564013Z"},{"id":880,"fincertId":"FINCERT-2026-000880","incidentId":8494,"idempotencyKey":"incident-8494","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:03.301725Z","receivedAt":"2026-05-15T20:49:03.326045Z"},{"id":879,"fincertId":"FINCERT-2026-000879","incidentId":8493,"idempotencyKey":"incident-8493","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:03.273400Z","receivedAt":"2026-05-15T20:49:03.289917Z"},{"id":878,"fincertId":"FINCERT-2026-000878","incidentId":8483,"idempotencyKey":"incident-8483","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:03.082624Z","receivedAt":"2026-05-15T20:49:03.097643Z"},{"id":877,"fincertId":"FINCERT-2026-000877","incidentId":8479,"idempotencyKey":"incident-8479","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:02.982868Z","receivedAt":"2026-05-15T20:49:03.001325Z"},{"id":876,"fincertId":"FINCERT-2026-000876","incidentId":8478,"idempotencyKey":"incident-8478","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:02.950689Z","receivedAt":"2026-05-15T20:49:02.972115Z"},{"id":875,"fincertId":"FINCERT-2026-000875","incidentId":8474,"idempotencyKey":"incident-8474","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:02.875456Z","receivedAt":"2026-05-15T20:49:02.888208Z"},{"id":874,"fincertId":"FINCERT-2026-000874","incidentId":8473,"idempotencyKey":"incident-8473","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:02.845899Z","receivedAt":"2026-05-15T20:49:02.867652Z"},{"id":873,"fincertId":"FINCERT-2026-000873","incidentId":8469,"idempotencyKey":"incident-8469","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:02.759956Z","receivedAt":"2026-05-15T20:49:02.776816Z"},{"id":872,"fincertId":"FINCERT-2026-000872","incidentId":8468,"idempotencyKey":"incident-8468","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:02.735626Z","receivedAt":"2026-05-15T20:49:02.750007Z"},{"id":871,"fincertId":"FINCERT-2026-000871","incidentId":8458,"idempotencyKey":"incident-8458","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:02.526789Z","receivedAt":"2026-05-15T20:49:02.544914Z"},{"id":870,"fincertId":"FINCERT-2026-000870","incidentId":8447,"idempotencyKey":"incident-8447","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:02.282449Z","receivedAt":"2026-05-15T20:49:02.294802Z"},{"id":869,"fincertId":"FINCERT-2026-000869","incidentId":8446,"idempotencyKey":"incident-8446","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:02.261286Z","receivedAt":"2026-05-15T20:49:02.275724Z"},{"id":868,"fincertId":"FINCERT-2026-000868","incidentId":8444,"idempotencyKey":"incident-8444","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:02.209712Z","receivedAt":"2026-05-15T20:49:02.224141Z"},{"id":867,"fincertId":"FINCERT-2026-000867","incidentId":8441,"idempotencyKey":"incident-8441","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:02.133846Z","receivedAt":"2026-05-15T20:49:02.153411Z"},{"id":866,"fincertId":"FINCERT-2026-000866","incidentId":8439,"idempotencyKey":"incident-8439","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:02.088885Z","receivedAt":"2026-05-15T20:49:02.103310Z"},{"id":865,"fincertId":"FINCERT-2026-000865","incidentId":8438,"idempotencyKey":"incident-8438","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:02.063836Z","receivedAt":"2026-05-15T20:49:02.080799Z"},{"id":864,"fincertId":"FINCERT-2026-000864","incidentId":8436,"idempotencyKey":"incident-8436","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:02.024369Z","receivedAt":"2026-05-15T20:49:02.040901Z"},{"id":863,"fincertId":"FINCERT-2026-000863","incidentId":8433,"idempotencyKey":"incident-8433","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:01.953223Z","receivedAt":"2026-05-15T20:49:01.971786Z"},{"id":862,"fincertId":"FINCERT-2026-000862","incidentId":8430,"idempotencyKey":"incident-8430","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:01.886375Z","receivedAt":"2026-05-15T20:49:01.902244Z"},{"id":861,"fincertId":"FINCERT-2026-000861","incidentId":8425,"idempotencyKey":"incident-8425","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:01.760599Z","receivedAt":"2026-05-15T20:49:01.773471Z"},{"id":860,"fincertId":"FINCERT-2026-000860","incidentId":8424,"idempotencyKey":"incident-8424","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:01.740403Z","receivedAt":"2026-05-15T20:49:01.753588Z"},{"id":859,"fincertId":"FINCERT-2026-000859","incidentId":8418,"idempotencyKey":"incident-8418","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:01.650723Z","receivedAt":"2026-05-15T20:49:01.665239Z"},{"id":858,"fincertId":"FINCERT-2026-000858","incidentId":8413,"idempotencyKey":"incident-8413","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:01.555743Z","receivedAt":"2026-05-15T20:49:01.571515Z"},{"id":857,"fincertId":"FINCERT-2026-000857","incidentId":8412,"idempotencyKey":"incident-8412","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:01.498515Z","receivedAt":"2026-05-15T20:49:01.529750Z"},{"id":856,"fincertId":"FINCERT-2026-000856","incidentId":8410,"idempotencyKey":"incident-8410","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:01.441678Z","receivedAt":"2026-05-15T20:49:01.457684Z"},{"id":855,"fincertId":"FINCERT-2026-000855","incidentId":8409,"idempotencyKey":"incident-8409","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:01.419028Z","receivedAt":"2026-05-15T20:49:01.433086Z"},{"id":854,"fincertId":"FINCERT-2026-000854","incidentId":8397,"idempotencyKey":"incident-8397","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:01.190821Z","receivedAt":"2026-05-15T20:49:01.204798Z"},{"id":853,"fincertId":"FINCERT-2026-000853","incidentId":8396,"idempotencyKey":"incident-8396","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:01.145082Z","receivedAt":"2026-05-15T20:49:01.169152Z"},{"id":852,"fincertId":"FINCERT-2026-000852","incidentId":8388,"idempotencyKey":"incident-8388","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:00.942602Z","receivedAt":"2026-05-15T20:49:00.961861Z"},{"id":851,"fincertId":"FINCERT-2026-000851","incidentId":8384,"idempotencyKey":"incident-8384","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:00.859397Z","receivedAt":"2026-05-15T20:49:00.881761Z"},{"id":850,"fincertId":"FINCERT-2026-000850","incidentId":8378,"idempotencyKey":"incident-8378","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:00.719144Z","receivedAt":"2026-05-15T20:49:00.732380Z"},{"id":849,"fincertId":"FINCERT-2026-000849","incidentId":8376,"idempotencyKey":"incident-8376","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:49:00.678157Z","receivedAt":"2026-05-15T20:49:00.697141Z"},{"id":848,"fincertId":"FINCERT-2026-000848","incidentId":8373,"idempotencyKey":"incident-8373","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:49:00.584628Z","receivedAt":"2026-05-15T20:49:00.602659Z"},{"id":847,"fincertId":"FINCERT-2026-000847","incidentId":8369,"idempotencyKey":"incident-8369","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:49:00.509407Z","receivedAt":"2026-05-15T20:49:00.523878Z"},{"id":846,"fincertId":"FINCERT-2026-000846","incidentId":8363,"idempotencyKey":"incident-8363","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:49:00.365521Z","receivedAt":"2026-05-15T20:49:00.379429Z"},{"id":845,"fincertId":"FINCERT-2026-000845","incidentId":8361,"idempotencyKey":"incident-8361","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:49:00.299633Z","receivedAt":"2026-05-15T20:49:00.321993Z"},{"id":844,"fincertId":"FINCERT-2026-000844","incidentId":8359,"idempotencyKey":"incident-8359","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:49:00.147325Z","receivedAt":"2026-05-15T20:49:00.171890Z"},{"id":843,"fincertId":"FINCERT-2026-000843","incidentId":8355,"idempotencyKey":"incident-8355","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:59.964653Z","receivedAt":"2026-05-15T20:48:59.988354Z"},{"id":842,"fincertId":"FINCERT-2026-000842","incidentId":8354,"idempotencyKey":"incident-8354","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:59.938354Z","receivedAt":"2026-05-15T20:48:59.952402Z"},{"id":841,"fincertId":"FINCERT-2026-000841","incidentId":8333,"idempotencyKey":"incident-8333","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:59.486315Z","receivedAt":"2026-05-15T20:48:59.499157Z"},{"id":840,"fincertId":"FINCERT-2026-000840","incidentId":8331,"idempotencyKey":"incident-8331","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:59.432578Z","receivedAt":"2026-05-15T20:48:59.444823Z"},{"id":839,"fincertId":"FINCERT-2026-000839","incidentId":8330,"idempotencyKey":"incident-8330","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:59.413938Z","receivedAt":"2026-05-15T20:48:59.425952Z"},{"id":838,"fincertId":"FINCERT-2026-000838","incidentId":8326,"idempotencyKey":"incident-8326","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:59.312423Z","receivedAt":"2026-05-15T20:48:59.353315Z"},{"id":837,"fincertId":"FINCERT-2026-000837","incidentId":8321,"idempotencyKey":"incident-8321","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:59.166527Z","receivedAt":"2026-05-15T20:48:59.199443Z"},{"id":836,"fincertId":"FINCERT-2026-000836","incidentId":8317,"idempotencyKey":"incident-8317","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:59.057369Z","receivedAt":"2026-05-15T20:48:59.079949Z"},{"id":835,"fincertId":"FINCERT-2026-000835","incidentId":8313,"idempotencyKey":"incident-8313","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:58.943767Z","receivedAt":"2026-05-15T20:48:58.962456Z"},{"id":834,"fincertId":"FINCERT-2026-000834","incidentId":8312,"idempotencyKey":"incident-8312","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:58.923565Z","receivedAt":"2026-05-15T20:48:58.936131Z"},{"id":833,"fincertId":"FINCERT-2026-000833","incidentId":8307,"idempotencyKey":"incident-8307","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:58.793610Z","receivedAt":"2026-05-15T20:48:58.813801Z"},{"id":832,"fincertId":"FINCERT-2026-000832","incidentId":8303,"idempotencyKey":"incident-8303","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:58.707460Z","receivedAt":"2026-05-15T20:48:58.719881Z"},{"id":831,"fincertId":"FINCERT-2026-000831","incidentId":8302,"idempotencyKey":"incident-8302","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:58.675900Z","receivedAt":"2026-05-15T20:48:58.689628Z"},{"id":830,"fincertId":"FINCERT-2026-000830","incidentId":8301,"idempotencyKey":"incident-8301","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:58.653021Z","receivedAt":"2026-05-15T20:48:58.667376Z"},{"id":829,"fincertId":"FINCERT-2026-000829","incidentId":8298,"idempotencyKey":"incident-8298","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:58.575384Z","receivedAt":"2026-05-15T20:48:58.590002Z"},{"id":828,"fincertId":"FINCERT-2026-000828","incidentId":8296,"idempotencyKey":"incident-8296","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:58.533483Z","receivedAt":"2026-05-15T20:48:58.553391Z"},{"id":827,"fincertId":"FINCERT-2026-000827","incidentId":8295,"idempotencyKey":"incident-8295","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:58.500677Z","receivedAt":"2026-05-15T20:48:58.525058Z"},{"id":826,"fincertId":"FINCERT-2026-000826","incidentId":8288,"idempotencyKey":"incident-8288","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:58.348924Z","receivedAt":"2026-05-15T20:48:58.367236Z"},{"id":825,"fincertId":"FINCERT-2026-000825","incidentId":8285,"idempotencyKey":"incident-8285","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:58.276508Z","receivedAt":"2026-05-15T20:48:58.289664Z"},{"id":824,"fincertId":"FINCERT-2026-000824","incidentId":8284,"idempotencyKey":"incident-8284","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:58.242837Z","receivedAt":"2026-05-15T20:48:58.256896Z"},{"id":823,"fincertId":"FINCERT-2026-000823","incidentId":8280,"idempotencyKey":"incident-8280","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:58.129637Z","receivedAt":"2026-05-15T20:48:58.160311Z"},{"id":822,"fincertId":"FINCERT-2026-000822","incidentId":8275,"idempotencyKey":"incident-8275","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:57.977657Z","receivedAt":"2026-05-15T20:48:58.015814Z"},{"id":821,"fincertId":"FINCERT-2026-000821","incidentId":8271,"idempotencyKey":"incident-8271","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:57.881338Z","receivedAt":"2026-05-15T20:48:57.895024Z"},{"id":820,"fincertId":"FINCERT-2026-000820","incidentId":8268,"idempotencyKey":"incident-8268","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:57.822359Z","receivedAt":"2026-05-15T20:48:57.841198Z"},{"id":819,"fincertId":"FINCERT-2026-000819","incidentId":8266,"idempotencyKey":"incident-8266","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:57.766977Z","receivedAt":"2026-05-15T20:48:57.793235Z"},{"id":818,"fincertId":"FINCERT-2026-000818","incidentId":8258,"idempotencyKey":"incident-8258","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:57.586563Z","receivedAt":"2026-05-15T20:48:57.608060Z"},{"id":817,"fincertId":"FINCERT-2026-000817","incidentId":8250,"idempotencyKey":"incident-8250","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:57.401518Z","receivedAt":"2026-05-15T20:48:57.414725Z"},{"id":816,"fincertId":"FINCERT-2026-000816","incidentId":8248,"idempotencyKey":"incident-8248","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:57.326628Z","receivedAt":"2026-05-15T20:48:57.368866Z"},{"id":815,"fincertId":"FINCERT-2026-000815","incidentId":8242,"idempotencyKey":"incident-8242","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:57.193650Z","receivedAt":"2026-05-15T20:48:57.216043Z"},{"id":814,"fincertId":"FINCERT-2026-000814","incidentId":8241,"idempotencyKey":"incident-8241","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:57.150875Z","receivedAt":"2026-05-15T20:48:57.180201Z"},{"id":813,"fincertId":"FINCERT-2026-000813","incidentId":8239,"idempotencyKey":"incident-8239","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:57.091662Z","receivedAt":"2026-05-15T20:48:57.107615Z"},{"id":812,"fincertId":"FINCERT-2026-000812","incidentId":8236,"idempotencyKey":"incident-8236","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:57.022105Z","receivedAt":"2026-05-15T20:48:57.042125Z"},{"id":811,"fincertId":"FINCERT-2026-000811","incidentId":8235,"idempotencyKey":"incident-8235","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:56.980392Z","receivedAt":"2026-05-15T20:48:57.010293Z"},{"id":810,"fincertId":"FINCERT-2026-000810","incidentId":8232,"idempotencyKey":"incident-8232","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:56.897808Z","receivedAt":"2026-05-15T20:48:56.914442Z"},{"id":809,"fincertId":"FINCERT-2026-000809","incidentId":8227,"idempotencyKey":"incident-8227","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:56.781361Z","receivedAt":"2026-05-15T20:48:56.794579Z"},{"id":808,"fincertId":"FINCERT-2026-000808","incidentId":8225,"idempotencyKey":"incident-8225","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:56.747077Z","receivedAt":"2026-05-15T20:48:56.760148Z"},{"id":807,"fincertId":"FINCERT-2026-000807","incidentId":8221,"idempotencyKey":"incident-8221","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:56.660988Z","receivedAt":"2026-05-15T20:48:56.678065Z"},{"id":806,"fincertId":"FINCERT-2026-000806","incidentId":8218,"idempotencyKey":"incident-8218","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:56.581970Z","receivedAt":"2026-05-15T20:48:56.599978Z"},{"id":805,"fincertId":"FINCERT-2026-000805","incidentId":8212,"idempotencyKey":"incident-8212","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:56.458462Z","receivedAt":"2026-05-15T20:48:56.493138Z"},{"id":804,"fincertId":"FINCERT-2026-000804","incidentId":8204,"idempotencyKey":"incident-8204","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:56.265616Z","receivedAt":"2026-05-15T20:48:56.279683Z"},{"id":803,"fincertId":"FINCERT-2026-000803","incidentId":8201,"idempotencyKey":"incident-8201","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:56.192105Z","receivedAt":"2026-05-15T20:48:56.213568Z"},{"id":802,"fincertId":"FINCERT-2026-000802","incidentId":8200,"idempotencyKey":"incident-8200","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:56.161243Z","receivedAt":"2026-05-15T20:48:56.181918Z"},{"id":801,"fincertId":"FINCERT-2026-000801","incidentId":8198,"idempotencyKey":"incident-8198","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:56.085609Z","receivedAt":"2026-05-15T20:48:56.106243Z"},{"id":800,"fincertId":"FINCERT-2026-000800","incidentId":8197,"idempotencyKey":"incident-8197","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:56.014852Z","receivedAt":"2026-05-15T20:48:56.048321Z"},{"id":799,"fincertId":"FINCERT-2026-000799","incidentId":8193,"idempotencyKey":"incident-8193","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:55.902017Z","receivedAt":"2026-05-15T20:48:55.915855Z"},{"id":798,"fincertId":"FINCERT-2026-000798","incidentId":8192,"idempotencyKey":"incident-8192","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:55.881675Z","receivedAt":"2026-05-15T20:48:55.894897Z"},{"id":797,"fincertId":"FINCERT-2026-000797","incidentId":8191,"idempotencyKey":"incident-8191","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:55.842407Z","receivedAt":"2026-05-15T20:48:55.872289Z"},{"id":796,"fincertId":"FINCERT-2026-000796","incidentId":8184,"idempotencyKey":"incident-8184","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:55.691230Z","receivedAt":"2026-05-15T20:48:55.705031Z"},{"id":795,"fincertId":"FINCERT-2026-000795","incidentId":8183,"idempotencyKey":"incident-8183","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:55.661464Z","receivedAt":"2026-05-15T20:48:55.682868Z"},{"id":794,"fincertId":"FINCERT-2026-000794","incidentId":8182,"idempotencyKey":"incident-8182","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:55.614711Z","receivedAt":"2026-05-15T20:48:55.645531Z"},{"id":793,"fincertId":"FINCERT-2026-000793","incidentId":8178,"idempotencyKey":"incident-8178","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:55.513706Z","receivedAt":"2026-05-15T20:48:55.539477Z"},{"id":792,"fincertId":"FINCERT-2026-000792","incidentId":8174,"idempotencyKey":"incident-8174","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:55.410044Z","receivedAt":"2026-05-15T20:48:55.423073Z"},{"id":791,"fincertId":"FINCERT-2026-000791","incidentId":8169,"idempotencyKey":"incident-8169","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:55.314976Z","receivedAt":"2026-05-15T20:48:55.339524Z"},{"id":790,"fincertId":"FINCERT-2026-000790","incidentId":8163,"idempotencyKey":"incident-8163","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:55.218779Z","receivedAt":"2026-05-15T20:48:55.231493Z"},{"id":789,"fincertId":"FINCERT-2026-000789","incidentId":8162,"idempotencyKey":"incident-8162","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:55.196019Z","receivedAt":"2026-05-15T20:48:55.209930Z"},{"id":788,"fincertId":"FINCERT-2026-000788","incidentId":8153,"idempotencyKey":"incident-8153","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:54.907281Z","receivedAt":"2026-05-15T20:48:54.923066Z"},{"id":787,"fincertId":"FINCERT-2026-000787","incidentId":8151,"idempotencyKey":"incident-8151","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:54.828879Z","receivedAt":"2026-05-15T20:48:54.855881Z"},{"id":786,"fincertId":"FINCERT-2026-000786","incidentId":8150,"idempotencyKey":"incident-8150","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:54.768432Z","receivedAt":"2026-05-15T20:48:54.785380Z"},{"id":785,"fincertId":"FINCERT-2026-000785","incidentId":8146,"idempotencyKey":"incident-8146","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:54.688492Z","receivedAt":"2026-05-15T20:48:54.702972Z"},{"id":784,"fincertId":"FINCERT-2026-000784","incidentId":8137,"idempotencyKey":"incident-8137","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:54.490796Z","receivedAt":"2026-05-15T20:48:54.540148Z"},{"id":783,"fincertId":"FINCERT-2026-000783","incidentId":8129,"idempotencyKey":"incident-8129","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:54.290844Z","receivedAt":"2026-05-15T20:48:54.313663Z"},{"id":782,"fincertId":"FINCERT-2026-000782","incidentId":8127,"idempotencyKey":"incident-8127","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:54.229509Z","receivedAt":"2026-05-15T20:48:54.243636Z"},{"id":781,"fincertId":"FINCERT-2026-000781","incidentId":8121,"idempotencyKey":"incident-8121","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:54.077147Z","receivedAt":"2026-05-15T20:48:54.092383Z"},{"id":780,"fincertId":"FINCERT-2026-000780","incidentId":8120,"idempotencyKey":"incident-8120","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:54.023899Z","receivedAt":"2026-05-15T20:48:54.043130Z"},{"id":779,"fincertId":"FINCERT-2026-000779","incidentId":8115,"idempotencyKey":"incident-8115","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:53.885608Z","receivedAt":"2026-05-15T20:48:53.897833Z"},{"id":778,"fincertId":"FINCERT-2026-000778","incidentId":8113,"idempotencyKey":"incident-8113","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:53.845359Z","receivedAt":"2026-05-15T20:48:53.860752Z"},{"id":777,"fincertId":"FINCERT-2026-000777","incidentId":8109,"idempotencyKey":"incident-8109","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:53.767556Z","receivedAt":"2026-05-15T20:48:53.780579Z"},{"id":776,"fincertId":"FINCERT-2026-000776","incidentId":8105,"idempotencyKey":"incident-8105","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:53.699099Z","receivedAt":"2026-05-15T20:48:53.712357Z"},{"id":775,"fincertId":"FINCERT-2026-000775","incidentId":8103,"idempotencyKey":"incident-8103","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:53.650926Z","receivedAt":"2026-05-15T20:48:53.664694Z"},{"id":774,"fincertId":"FINCERT-2026-000774","incidentId":8101,"idempotencyKey":"incident-8101","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:53.599419Z","receivedAt":"2026-05-15T20:48:53.618828Z"},{"id":773,"fincertId":"FINCERT-2026-000773","incidentId":8097,"idempotencyKey":"incident-8097","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:53.535005Z","receivedAt":"2026-05-15T20:48:53.549310Z"},{"id":772,"fincertId":"FINCERT-2026-000772","incidentId":8096,"idempotencyKey":"incident-8096","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:53.507166Z","receivedAt":"2026-05-15T20:48:53.518803Z"},{"id":771,"fincertId":"FINCERT-2026-000771","incidentId":8095,"idempotencyKey":"incident-8095","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:53.481892Z","receivedAt":"2026-05-15T20:48:53.499556Z"},{"id":770,"fincertId":"FINCERT-2026-000770","incidentId":8088,"idempotencyKey":"incident-8088","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:53.305116Z","receivedAt":"2026-05-15T20:48:53.327674Z"},{"id":769,"fincertId":"FINCERT-2026-000769","incidentId":8083,"idempotencyKey":"incident-8083","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:53.112555Z","receivedAt":"2026-05-15T20:48:53.158576Z"},{"id":768,"fincertId":"FINCERT-2026-000768","incidentId":8081,"idempotencyKey":"incident-8081","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:53.011868Z","receivedAt":"2026-05-15T20:48:53.051351Z"},{"id":767,"fincertId":"FINCERT-2026-000767","incidentId":8078,"idempotencyKey":"incident-8078","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:52.908199Z","receivedAt":"2026-05-15T20:48:52.925418Z"},{"id":766,"fincertId":"FINCERT-2026-000766","incidentId":8074,"idempotencyKey":"incident-8074","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:52.753745Z","receivedAt":"2026-05-15T20:48:52.793621Z"},{"id":765,"fincertId":"FINCERT-2026-000765","incidentId":8073,"idempotencyKey":"incident-8073","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:52.693791Z","receivedAt":"2026-05-15T20:48:52.713244Z"},{"id":764,"fincertId":"FINCERT-2026-000764","incidentId":8068,"idempotencyKey":"incident-8068","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:52.493097Z","receivedAt":"2026-05-15T20:48:52.542609Z"},{"id":763,"fincertId":"FINCERT-2026-000763","incidentId":8067,"idempotencyKey":"incident-8067","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:52.441705Z","receivedAt":"2026-05-15T20:48:52.467801Z"},{"id":762,"fincertId":"FINCERT-2026-000762","incidentId":8065,"idempotencyKey":"incident-8065","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:52.366422Z","receivedAt":"2026-05-15T20:48:52.395541Z"},{"id":761,"fincertId":"FINCERT-2026-000761","incidentId":8064,"idempotencyKey":"incident-8064","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:48:52.297131Z","receivedAt":"2026-05-15T20:48:52.343808Z"},{"id":760,"fincertId":"FINCERT-2026-000760","incidentId":8063,"idempotencyKey":"incident-8063","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:52.259919Z","receivedAt":"2026-05-15T20:48:52.275359Z"},{"id":759,"fincertId":"FINCERT-2026-000759","incidentId":8058,"idempotencyKey":"incident-8058","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:52.131522Z","receivedAt":"2026-05-15T20:48:52.172422Z"},{"id":758,"fincertId":"FINCERT-2026-000758","incidentId":8056,"idempotencyKey":"incident-8056","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:52.080973Z","receivedAt":"2026-05-15T20:48:52.097569Z"},{"id":757,"fincertId":"FINCERT-2026-000757","incidentId":8052,"idempotencyKey":"incident-8052","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.954930Z","receivedAt":"2026-05-15T20:48:51.978039Z"},{"id":756,"fincertId":"FINCERT-2026-000756","incidentId":8051,"idempotencyKey":"incident-8051","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:51.933904Z","receivedAt":"2026-05-15T20:48:51.947110Z"},{"id":755,"fincertId":"FINCERT-2026-000755","incidentId":8049,"idempotencyKey":"incident-8049","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:51.899593Z","receivedAt":"2026-05-15T20:48:51.910764Z"},{"id":754,"fincertId":"FINCERT-2026-000754","incidentId":8043,"idempotencyKey":"incident-8043","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.776693Z","receivedAt":"2026-05-15T20:48:51.790080Z"},{"id":753,"fincertId":"FINCERT-2026-000753","incidentId":8042,"idempotencyKey":"incident-8042","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:51.743196Z","receivedAt":"2026-05-15T20:48:51.759599Z"},{"id":752,"fincertId":"FINCERT-2026-000752","incidentId":8038,"idempotencyKey":"incident-8038","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:51.666436Z","receivedAt":"2026-05-15T20:48:51.681286Z"},{"id":751,"fincertId":"FINCERT-2026-000751","incidentId":8035,"idempotencyKey":"incident-8035","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.580156Z","receivedAt":"2026-05-15T20:48:51.592131Z"},{"id":750,"fincertId":"FINCERT-2026-000750","incidentId":8034,"idempotencyKey":"incident-8034","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.557543Z","receivedAt":"2026-05-15T20:48:51.572236Z"},{"id":749,"fincertId":"FINCERT-2026-000749","incidentId":8032,"idempotencyKey":"incident-8032","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.468542Z","receivedAt":"2026-05-15T20:48:51.503130Z"},{"id":748,"fincertId":"FINCERT-2026-000748","incidentId":8026,"idempotencyKey":"incident-8026","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.339590Z","receivedAt":"2026-05-15T20:48:51.371609Z"},{"id":747,"fincertId":"FINCERT-2026-000747","incidentId":8024,"idempotencyKey":"incident-8024","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:51.288342Z","receivedAt":"2026-05-15T20:48:51.305478Z"},{"id":746,"fincertId":"FINCERT-2026-000746","incidentId":8023,"idempotencyKey":"incident-8023","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.267969Z","receivedAt":"2026-05-15T20:48:51.280164Z"},{"id":745,"fincertId":"FINCERT-2026-000745","incidentId":8021,"idempotencyKey":"incident-8021","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:48:51.226559Z","receivedAt":"2026-05-15T20:48:51.240021Z"},{"id":744,"fincertId":"FINCERT-2026-000744","incidentId":8019,"idempotencyKey":"incident-8019","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:51.182119Z","receivedAt":"2026-05-15T20:48:51.196917Z"},{"id":743,"fincertId":"FINCERT-2026-000743","incidentId":8018,"idempotencyKey":"incident-8018","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.153541Z","receivedAt":"2026-05-15T20:48:51.173929Z"},{"id":742,"fincertId":"FINCERT-2026-000742","incidentId":8017,"idempotencyKey":"incident-8017","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.118783Z","receivedAt":"2026-05-15T20:48:51.140895Z"},{"id":741,"fincertId":"FINCERT-2026-000741","incidentId":8013,"idempotencyKey":"incident-8013","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:51.036099Z","receivedAt":"2026-05-15T20:48:51.051816Z"},{"id":740,"fincertId":"FINCERT-2026-000740","incidentId":8011,"idempotencyKey":"incident-8011","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:50.966597Z","receivedAt":"2026-05-15T20:48:50.991127Z"},{"id":739,"fincertId":"FINCERT-2026-000739","incidentId":8009,"idempotencyKey":"incident-8009","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:50.920408Z","receivedAt":"2026-05-15T20:48:50.935713Z"},{"id":738,"fincertId":"FINCERT-2026-000738","incidentId":8003,"idempotencyKey":"incident-8003","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:50.776884Z","receivedAt":"2026-05-15T20:48:50.793762Z"},{"id":737,"fincertId":"FINCERT-2026-000737","incidentId":8001,"idempotencyKey":"incident-8001","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:50.737147Z","receivedAt":"2026-05-15T20:48:50.751718Z"},{"id":736,"fincertId":"FINCERT-2026-000736","incidentId":7997,"idempotencyKey":"incident-7997","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:50.621145Z","receivedAt":"2026-05-15T20:48:50.650498Z"},{"id":735,"fincertId":"FINCERT-2026-000735","incidentId":7992,"idempotencyKey":"incident-7992","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:50.511329Z","receivedAt":"2026-05-15T20:48:50.530970Z"},{"id":734,"fincertId":"FINCERT-2026-000734","incidentId":7990,"idempotencyKey":"incident-7990","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:50.450443Z","receivedAt":"2026-05-15T20:48:50.472903Z"},{"id":733,"fincertId":"FINCERT-2026-000733","incidentId":7987,"idempotencyKey":"incident-7987","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:50.380159Z","receivedAt":"2026-05-15T20:48:50.400312Z"},{"id":732,"fincertId":"FINCERT-2026-000732","incidentId":7979,"idempotencyKey":"incident-7979","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:50.214900Z","receivedAt":"2026-05-15T20:48:50.229632Z"},{"id":731,"fincertId":"FINCERT-2026-000731","incidentId":7978,"idempotencyKey":"incident-7978","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:50.195771Z","receivedAt":"2026-05-15T20:48:50.207989Z"},{"id":730,"fincertId":"FINCERT-2026-000730","incidentId":7972,"idempotencyKey":"incident-7972","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:50.076728Z","receivedAt":"2026-05-15T20:48:50.090960Z"},{"id":729,"fincertId":"FINCERT-2026-000729","incidentId":7970,"idempotencyKey":"incident-7970","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:50.024795Z","receivedAt":"2026-05-15T20:48:50.040495Z"},{"id":728,"fincertId":"FINCERT-2026-000728","incidentId":7966,"idempotencyKey":"incident-7966","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:49.944932Z","receivedAt":"2026-05-15T20:48:49.960212Z"},{"id":727,"fincertId":"FINCERT-2026-000727","incidentId":7960,"idempotencyKey":"incident-7960","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:49.839233Z","receivedAt":"2026-05-15T20:48:49.859363Z"},{"id":726,"fincertId":"FINCERT-2026-000726","incidentId":7959,"idempotencyKey":"incident-7959","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:49.804831Z","receivedAt":"2026-05-15T20:48:49.828877Z"},{"id":725,"fincertId":"FINCERT-2026-000725","incidentId":7958,"idempotencyKey":"incident-7958","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:49.779353Z","receivedAt":"2026-05-15T20:48:49.796270Z"},{"id":724,"fincertId":"FINCERT-2026-000724","incidentId":7946,"idempotencyKey":"incident-7946","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:49.518469Z","receivedAt":"2026-05-15T20:48:49.533822Z"},{"id":723,"fincertId":"FINCERT-2026-000723","incidentId":7944,"idempotencyKey":"incident-7944","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:49.451718Z","receivedAt":"2026-05-15T20:48:49.468519Z"},{"id":722,"fincertId":"FINCERT-2026-000722","incidentId":7941,"idempotencyKey":"incident-7941","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:49.384148Z","receivedAt":"2026-05-15T20:48:49.400157Z"},{"id":721,"fincertId":"FINCERT-2026-000721","incidentId":7940,"idempotencyKey":"incident-7940","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:49.350135Z","receivedAt":"2026-05-15T20:48:49.362798Z"},{"id":720,"fincertId":"FINCERT-2026-000720","incidentId":7937,"idempotencyKey":"incident-7937","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:49.288931Z","receivedAt":"2026-05-15T20:48:49.302372Z"},{"id":719,"fincertId":"FINCERT-2026-000719","incidentId":7935,"idempotencyKey":"incident-7935","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:49.250936Z","receivedAt":"2026-05-15T20:48:49.264330Z"},{"id":718,"fincertId":"FINCERT-2026-000718","incidentId":7933,"idempotencyKey":"incident-7933","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:49.202239Z","receivedAt":"2026-05-15T20:48:49.218145Z"},{"id":717,"fincertId":"FINCERT-2026-000717","incidentId":7928,"idempotencyKey":"incident-7928","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:49.059457Z","receivedAt":"2026-05-15T20:48:49.078145Z"},{"id":716,"fincertId":"FINCERT-2026-000716","incidentId":7924,"idempotencyKey":"incident-7924","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:48:48.960329Z","receivedAt":"2026-05-15T20:48:48.983978Z"},{"id":715,"fincertId":"FINCERT-2026-000715","incidentId":7919,"idempotencyKey":"incident-7919","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:48.783428Z","receivedAt":"2026-05-15T20:48:48.806312Z"},{"id":714,"fincertId":"FINCERT-2026-000714","incidentId":7916,"idempotencyKey":"incident-7916","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:48.711835Z","receivedAt":"2026-05-15T20:48:48.728298Z"},{"id":713,"fincertId":"FINCERT-2026-000713","incidentId":7915,"idempotencyKey":"incident-7915","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:48.687756Z","receivedAt":"2026-05-15T20:48:48.704204Z"},{"id":712,"fincertId":"FINCERT-2026-000712","incidentId":7908,"idempotencyKey":"incident-7908","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:48.470672Z","receivedAt":"2026-05-15T20:48:48.517200Z"},{"id":711,"fincertId":"FINCERT-2026-000711","incidentId":7907,"idempotencyKey":"incident-7907","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:48.441094Z","receivedAt":"2026-05-15T20:48:48.457535Z"},{"id":710,"fincertId":"FINCERT-2026-000710","incidentId":7906,"idempotencyKey":"incident-7906","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:48.416235Z","receivedAt":"2026-05-15T20:48:48.431988Z"},{"id":709,"fincertId":"FINCERT-2026-000709","incidentId":7902,"idempotencyKey":"incident-7902","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:48.290525Z","receivedAt":"2026-05-15T20:48:48.310702Z"},{"id":708,"fincertId":"FINCERT-2026-000708","incidentId":7893,"idempotencyKey":"incident-7893","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:48.083621Z","receivedAt":"2026-05-15T20:48:48.098818Z"},{"id":707,"fincertId":"FINCERT-2026-000707","incidentId":7889,"idempotencyKey":"incident-7889","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:47.901690Z","receivedAt":"2026-05-15T20:48:47.920915Z"},{"id":706,"fincertId":"FINCERT-2026-000706","incidentId":7887,"idempotencyKey":"incident-7887","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:47.838209Z","receivedAt":"2026-05-15T20:48:47.870591Z"},{"id":705,"fincertId":"FINCERT-2026-000705","incidentId":7879,"idempotencyKey":"incident-7879","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:47.653718Z","receivedAt":"2026-05-15T20:48:47.690826Z"},{"id":704,"fincertId":"FINCERT-2026-000704","incidentId":7875,"idempotencyKey":"incident-7875","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:47.454394Z","receivedAt":"2026-05-15T20:48:47.504156Z"},{"id":703,"fincertId":"FINCERT-2026-000703","incidentId":7873,"idempotencyKey":"incident-7873","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:48:47.314243Z","receivedAt":"2026-05-15T20:48:47.387138Z"},{"id":702,"fincertId":"FINCERT-2026-000702","incidentId":7872,"idempotencyKey":"incident-7872","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:47.213650Z","receivedAt":"2026-05-15T20:48:47.241874Z"},{"id":701,"fincertId":"FINCERT-2026-000701","incidentId":7865,"idempotencyKey":"incident-7865","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:47.003597Z","receivedAt":"2026-05-15T20:48:47.020980Z"},{"id":700,"fincertId":"FINCERT-2026-000700","incidentId":7853,"idempotencyKey":"incident-7853","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:46.589859Z","receivedAt":"2026-05-15T20:48:46.607523Z"},{"id":699,"fincertId":"FINCERT-2026-000699","incidentId":7837,"idempotencyKey":"incident-7837","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:45.928910Z","receivedAt":"2026-05-15T20:48:45.969783Z"},{"id":698,"fincertId":"FINCERT-2026-000698","incidentId":7834,"idempotencyKey":"incident-7834","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:45.813150Z","receivedAt":"2026-05-15T20:48:45.871792Z"},{"id":697,"fincertId":"FINCERT-2026-000697","incidentId":7833,"idempotencyKey":"incident-7833","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:45.783839Z","receivedAt":"2026-05-15T20:48:45.798832Z"},{"id":696,"fincertId":"FINCERT-2026-000696","incidentId":7829,"idempotencyKey":"incident-7829","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:45.689024Z","receivedAt":"2026-05-15T20:48:45.708023Z"},{"id":695,"fincertId":"FINCERT-2026-000695","incidentId":7825,"idempotencyKey":"incident-7825","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:45.564034Z","receivedAt":"2026-05-15T20:48:45.577599Z"},{"id":694,"fincertId":"FINCERT-2026-000694","incidentId":7814,"idempotencyKey":"incident-7814","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:45.281858Z","receivedAt":"2026-05-15T20:48:45.298163Z"},{"id":693,"fincertId":"FINCERT-2026-000693","incidentId":7805,"idempotencyKey":"incident-7805","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:45.047162Z","receivedAt":"2026-05-15T20:48:45.060576Z"},{"id":692,"fincertId":"FINCERT-2026-000692","incidentId":7804,"idempotencyKey":"incident-7804","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:45.015571Z","receivedAt":"2026-05-15T20:48:45.036567Z"},{"id":691,"fincertId":"FINCERT-2026-000691","incidentId":7801,"idempotencyKey":"incident-7801","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:48:44.919709Z","receivedAt":"2026-05-15T20:48:44.936671Z"},{"id":690,"fincertId":"FINCERT-2026-000690","incidentId":7800,"idempotencyKey":"incident-7800","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:48:44.884895Z","receivedAt":"2026-05-15T20:48:44.901885Z"},{"id":689,"fincertId":"FINCERT-2026-000689","incidentId":7784,"idempotencyKey":"incident-7784","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:44.579825Z","receivedAt":"2026-05-15T20:48:44.593983Z"},{"id":688,"fincertId":"FINCERT-2026-000688","incidentId":7774,"idempotencyKey":"incident-7774","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:44.371600Z","receivedAt":"2026-05-15T20:48:44.386001Z"},{"id":687,"fincertId":"FINCERT-2026-000687","incidentId":7773,"idempotencyKey":"incident-7773","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:44.320651Z","receivedAt":"2026-05-15T20:48:44.351702Z"},{"id":686,"fincertId":"FINCERT-2026-000686","incidentId":7771,"idempotencyKey":"incident-7771","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:44.274702Z","receivedAt":"2026-05-15T20:48:44.290860Z"},{"id":685,"fincertId":"FINCERT-2026-000685","incidentId":7770,"idempotencyKey":"incident-7770","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:44.239436Z","receivedAt":"2026-05-15T20:48:44.253679Z"},{"id":684,"fincertId":"FINCERT-2026-000684","incidentId":7769,"idempotencyKey":"incident-7769","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:44.202367Z","receivedAt":"2026-05-15T20:48:44.218900Z"},{"id":683,"fincertId":"FINCERT-2026-000683","incidentId":7768,"idempotencyKey":"incident-7768","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:44.140530Z","receivedAt":"2026-05-15T20:48:44.188834Z"},{"id":682,"fincertId":"FINCERT-2026-000682","incidentId":7764,"idempotencyKey":"incident-7764","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:44.038429Z","receivedAt":"2026-05-15T20:48:44.059043Z"},{"id":681,"fincertId":"FINCERT-2026-000681","incidentId":7757,"idempotencyKey":"incident-7757","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:43.874441Z","receivedAt":"2026-05-15T20:48:43.889418Z"},{"id":680,"fincertId":"FINCERT-2026-000680","incidentId":7756,"idempotencyKey":"incident-7756","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:43.853849Z","receivedAt":"2026-05-15T20:48:43.867226Z"},{"id":679,"fincertId":"FINCERT-2026-000679","incidentId":7755,"idempotencyKey":"incident-7755","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:43.823195Z","receivedAt":"2026-05-15T20:48:43.846701Z"},{"id":678,"fincertId":"FINCERT-2026-000678","incidentId":7752,"idempotencyKey":"incident-7752","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:43.746461Z","receivedAt":"2026-05-15T20:48:43.764430Z"},{"id":677,"fincertId":"FINCERT-2026-000677","incidentId":7749,"idempotencyKey":"incident-7749","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:43.687827Z","receivedAt":"2026-05-15T20:48:43.703336Z"},{"id":676,"fincertId":"FINCERT-2026-000676","incidentId":7747,"idempotencyKey":"incident-7747","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:43.635379Z","receivedAt":"2026-05-15T20:48:43.660912Z"},{"id":675,"fincertId":"FINCERT-2026-000675","incidentId":7746,"idempotencyKey":"incident-7746","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:43.594547Z","receivedAt":"2026-05-15T20:48:43.616758Z"},{"id":674,"fincertId":"FINCERT-2026-000674","incidentId":7745,"idempotencyKey":"incident-7745","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:43.570003Z","receivedAt":"2026-05-15T20:48:43.586044Z"},{"id":673,"fincertId":"FINCERT-2026-000673","incidentId":7732,"idempotencyKey":"incident-7732","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:43.303097Z","receivedAt":"2026-05-15T20:48:43.328104Z"},{"id":672,"fincertId":"FINCERT-2026-000672","incidentId":7731,"idempotencyKey":"incident-7731","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:43.265056Z","receivedAt":"2026-05-15T20:48:43.280340Z"},{"id":671,"fincertId":"FINCERT-2026-000671","incidentId":7728,"idempotencyKey":"incident-7728","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:43.195445Z","receivedAt":"2026-05-15T20:48:43.211630Z"},{"id":670,"fincertId":"FINCERT-2026-000670","incidentId":7726,"idempotencyKey":"incident-7726","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:43.154732Z","receivedAt":"2026-05-15T20:48:43.169701Z"},{"id":669,"fincertId":"FINCERT-2026-000669","incidentId":7725,"idempotencyKey":"incident-7725","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:43.093988Z","receivedAt":"2026-05-15T20:48:43.115876Z"},{"id":668,"fincertId":"FINCERT-2026-000668","incidentId":7721,"idempotencyKey":"incident-7721","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:42.962345Z","receivedAt":"2026-05-15T20:48:42.990272Z"},{"id":667,"fincertId":"FINCERT-2026-000667","incidentId":7713,"idempotencyKey":"incident-7713","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:42.783969Z","receivedAt":"2026-05-15T20:48:42.797336Z"},{"id":666,"fincertId":"FINCERT-2026-000666","incidentId":7704,"idempotencyKey":"incident-7704","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:42.565844Z","receivedAt":"2026-05-15T20:48:42.610573Z"},{"id":665,"fincertId":"FINCERT-2026-000665","incidentId":7698,"idempotencyKey":"incident-7698","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:42.440531Z","receivedAt":"2026-05-15T20:48:42.454893Z"},{"id":664,"fincertId":"FINCERT-2026-000664","incidentId":7695,"idempotencyKey":"incident-7695","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:42.372618Z","receivedAt":"2026-05-15T20:48:42.394072Z"},{"id":663,"fincertId":"FINCERT-2026-000663","incidentId":7689,"idempotencyKey":"incident-7689","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:42.193857Z","receivedAt":"2026-05-15T20:48:42.222592Z"},{"id":662,"fincertId":"FINCERT-2026-000662","incidentId":7688,"idempotencyKey":"incident-7688","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:42.128305Z","receivedAt":"2026-05-15T20:48:42.166889Z"},{"id":661,"fincertId":"FINCERT-2026-000661","incidentId":7687,"idempotencyKey":"incident-7687","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:42.073271Z","receivedAt":"2026-05-15T20:48:42.097366Z"},{"id":660,"fincertId":"FINCERT-2026-000660","incidentId":7684,"idempotencyKey":"incident-7684","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:41.939452Z","receivedAt":"2026-05-15T20:48:41.954914Z"},{"id":659,"fincertId":"FINCERT-2026-000659","incidentId":7677,"idempotencyKey":"incident-7677","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:41.734879Z","receivedAt":"2026-05-15T20:48:41.768168Z"},{"id":658,"fincertId":"FINCERT-2026-000658","incidentId":7669,"idempotencyKey":"incident-7669","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:41.302928Z","receivedAt":"2026-05-15T20:48:41.371874Z"},{"id":657,"fincertId":"FINCERT-2026-000657","incidentId":7667,"idempotencyKey":"incident-7667","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:41.222931Z","receivedAt":"2026-05-15T20:48:41.249551Z"},{"id":656,"fincertId":"FINCERT-2026-000656","incidentId":7663,"idempotencyKey":"incident-7663","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:41.095773Z","receivedAt":"2026-05-15T20:48:41.117843Z"},{"id":655,"fincertId":"FINCERT-2026-000655","incidentId":7661,"idempotencyKey":"incident-7661","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:41.032415Z","receivedAt":"2026-05-15T20:48:41.054775Z"},{"id":654,"fincertId":"FINCERT-2026-000654","incidentId":7659,"idempotencyKey":"incident-7659","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:40.942608Z","receivedAt":"2026-05-15T20:48:40.970524Z"},{"id":653,"fincertId":"FINCERT-2026-000653","incidentId":7650,"idempotencyKey":"incident-7650","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:40.751Z","receivedAt":"2026-05-15T20:48:40.766346Z"},{"id":652,"fincertId":"FINCERT-2026-000652","incidentId":7649,"idempotencyKey":"incident-7649","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:40.728705Z","receivedAt":"2026-05-15T20:48:40.743199Z"},{"id":651,"fincertId":"FINCERT-2026-000651","incidentId":7646,"idempotencyKey":"incident-7646","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:40.670336Z","receivedAt":"2026-05-15T20:48:40.686598Z"},{"id":650,"fincertId":"FINCERT-2026-000650","incidentId":7641,"idempotencyKey":"incident-7641","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:40.525607Z","receivedAt":"2026-05-15T20:48:40.552470Z"},{"id":649,"fincertId":"FINCERT-2026-000649","incidentId":7639,"idempotencyKey":"incident-7639","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:40.431840Z","receivedAt":"2026-05-15T20:48:40.472790Z"},{"id":648,"fincertId":"FINCERT-2026-000648","incidentId":7637,"idempotencyKey":"incident-7637","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:40.330821Z","receivedAt":"2026-05-15T20:48:40.400094Z"},{"id":647,"fincertId":"FINCERT-2026-000647","incidentId":7631,"idempotencyKey":"incident-7631","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:39.891710Z","receivedAt":"2026-05-15T20:48:40.033617Z"},{"id":646,"fincertId":"FINCERT-2026-000646","incidentId":7630,"idempotencyKey":"incident-7630","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:39.745082Z","receivedAt":"2026-05-15T20:48:39.819707Z"},{"id":645,"fincertId":"FINCERT-2026-000645","incidentId":7629,"idempotencyKey":"incident-7629","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:39.655512Z","receivedAt":"2026-05-15T20:48:39.712898Z"},{"id":644,"fincertId":"FINCERT-2026-000644","incidentId":7627,"idempotencyKey":"incident-7627","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:39.501950Z","receivedAt":"2026-05-15T20:48:39.576107Z"},{"id":643,"fincertId":"FINCERT-2026-000643","incidentId":7626,"idempotencyKey":"incident-7626","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:39.353336Z","receivedAt":"2026-05-15T20:48:39.433060Z"},{"id":642,"fincertId":"FINCERT-2026-000642","incidentId":7621,"idempotencyKey":"incident-7621","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:39.093713Z","receivedAt":"2026-05-15T20:48:39.121090Z"},{"id":641,"fincertId":"FINCERT-2026-000641","incidentId":7620,"idempotencyKey":"incident-7620","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:38.990316Z","receivedAt":"2026-05-15T20:48:39.075682Z"},{"id":640,"fincertId":"FINCERT-2026-000640","incidentId":7619,"idempotencyKey":"incident-7619","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:38.923525Z","receivedAt":"2026-05-15T20:48:38.950494Z"},{"id":639,"fincertId":"FINCERT-2026-000639","incidentId":7617,"idempotencyKey":"incident-7617","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:38.773210Z","receivedAt":"2026-05-15T20:48:38.849008Z"},{"id":638,"fincertId":"FINCERT-2026-000638","incidentId":7615,"idempotencyKey":"incident-7615","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:38.635554Z","receivedAt":"2026-05-15T20:48:38.704750Z"},{"id":637,"fincertId":"FINCERT-2026-000637","incidentId":7614,"idempotencyKey":"incident-7614","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:38.568058Z","receivedAt":"2026-05-15T20:48:38.598037Z"},{"id":636,"fincertId":"FINCERT-2026-000636","incidentId":7608,"idempotencyKey":"incident-7608","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:48:38.319346Z","receivedAt":"2026-05-15T20:48:38.355946Z"},{"id":635,"fincertId":"FINCERT-2026-000635","incidentId":7607,"idempotencyKey":"incident-7607","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:38.268791Z","receivedAt":"2026-05-15T20:48:38.296612Z"},{"id":634,"fincertId":"FINCERT-2026-000634","incidentId":7604,"idempotencyKey":"incident-7604","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:38.049152Z","receivedAt":"2026-05-15T20:48:38.092118Z"},{"id":633,"fincertId":"FINCERT-2026-000633","incidentId":7601,"idempotencyKey":"incident-7601","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:37.830200Z","receivedAt":"2026-05-15T20:48:37.911052Z"},{"id":632,"fincertId":"FINCERT-2026-000632","incidentId":7600,"idempotencyKey":"incident-7600","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:37.754352Z","receivedAt":"2026-05-15T20:48:37.806346Z"},{"id":631,"fincertId":"FINCERT-2026-000631","incidentId":7599,"idempotencyKey":"incident-7599","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:37.668826Z","receivedAt":"2026-05-15T20:48:37.692934Z"},{"id":630,"fincertId":"FINCERT-2026-000630","incidentId":7595,"idempotencyKey":"incident-7595","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:37.404117Z","receivedAt":"2026-05-15T20:48:37.479334Z"},{"id":629,"fincertId":"FINCERT-2026-000629","incidentId":7593,"idempotencyKey":"incident-7593","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:48:37.256532Z","receivedAt":"2026-05-15T20:48:37.288128Z"},{"id":628,"fincertId":"FINCERT-2026-000628","incidentId":7587,"idempotencyKey":"incident-7587","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:36.983672Z","receivedAt":"2026-05-15T20:48:37.020932Z"},{"id":627,"fincertId":"FINCERT-2026-000627","incidentId":7586,"idempotencyKey":"incident-7586","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:36.888681Z","receivedAt":"2026-05-15T20:48:36.925719Z"},{"id":626,"fincertId":"FINCERT-2026-000626","incidentId":7584,"idempotencyKey":"incident-7584","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:48:36.789478Z","receivedAt":"2026-05-15T20:48:36.826061Z"},{"id":625,"fincertId":"FINCERT-2026-000625","incidentId":7582,"idempotencyKey":"incident-7582","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:48:36.626404Z","receivedAt":"2026-05-15T20:48:36.685134Z"},{"id":624,"fincertId":"FINCERT-2026-000624","incidentId":7579,"idempotencyKey":"incident-7579","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:48:16.579659Z","receivedAt":"2026-05-15T20:48:16.600129Z"},{"id":623,"fincertId":"FINCERT-2026-000623","incidentId":7578,"idempotencyKey":"incident-7578","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:06.579118Z","receivedAt":"2026-05-15T20:48:06.608647Z"},{"id":622,"fincertId":"FINCERT-2026-000622","incidentId":7575,"idempotencyKey":"incident-7575","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:48:03.581638Z","receivedAt":"2026-05-15T20:48:03.602104Z"},{"id":621,"fincertId":"FINCERT-2026-000621","incidentId":7571,"idempotencyKey":"incident-7571","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:59.579528Z","receivedAt":"2026-05-15T20:47:59.601160Z"},{"id":620,"fincertId":"FINCERT-2026-000620","incidentId":7569,"idempotencyKey":"incident-7569","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:57.576935Z","receivedAt":"2026-05-15T20:47:57.594371Z"},{"id":619,"fincertId":"FINCERT-2026-000619","incidentId":7568,"idempotencyKey":"incident-7568","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:47:56.578605Z","receivedAt":"2026-05-15T20:47:56.601076Z"},{"id":618,"fincertId":"FINCERT-2026-000618","incidentId":7564,"idempotencyKey":"incident-7564","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:52.586793Z","receivedAt":"2026-05-15T20:47:52.634227Z"},{"id":617,"fincertId":"FINCERT-2026-000617","incidentId":7563,"idempotencyKey":"incident-7563","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:51.579821Z","receivedAt":"2026-05-15T20:47:51.603684Z"},{"id":616,"fincertId":"FINCERT-2026-000616","incidentId":7559,"idempotencyKey":"incident-7559","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:47.579445Z","receivedAt":"2026-05-15T20:47:47.604481Z"},{"id":615,"fincertId":"FINCERT-2026-000615","incidentId":7556,"idempotencyKey":"incident-7556","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:47:44.577924Z","receivedAt":"2026-05-15T20:47:44.595589Z"},{"id":614,"fincertId":"FINCERT-2026-000614","incidentId":7555,"idempotencyKey":"incident-7555","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:43.581131Z","receivedAt":"2026-05-15T20:47:43.599449Z"},{"id":613,"fincertId":"FINCERT-2026-000613","incidentId":7554,"idempotencyKey":"incident-7554","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:42.582740Z","receivedAt":"2026-05-15T20:47:42.602477Z"},{"id":612,"fincertId":"FINCERT-2026-000612","incidentId":7552,"idempotencyKey":"incident-7552","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:40.578744Z","receivedAt":"2026-05-15T20:47:40.597864Z"},{"id":611,"fincertId":"FINCERT-2026-000611","incidentId":7551,"idempotencyKey":"incident-7551","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:39.581459Z","receivedAt":"2026-05-15T20:47:39.603911Z"},{"id":610,"fincertId":"FINCERT-2026-000610","incidentId":7549,"idempotencyKey":"incident-7549","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:38.443568Z","receivedAt":"2026-05-15T20:47:38.474078Z"},{"id":609,"fincertId":"FINCERT-2026-000609","incidentId":7548,"idempotencyKey":"incident-7548","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:47:38.390931Z","receivedAt":"2026-05-15T20:47:38.435275Z"},{"id":608,"fincertId":"FINCERT-2026-000608","incidentId":7547,"idempotencyKey":"incident-7547","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:38.307687Z","receivedAt":"2026-05-15T20:47:38.351950Z"},{"id":607,"fincertId":"FINCERT-2026-000607","incidentId":7546,"idempotencyKey":"incident-7546","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:38.279371Z","receivedAt":"2026-05-15T20:47:38.298322Z"},{"id":606,"fincertId":"FINCERT-2026-000606","incidentId":7544,"idempotencyKey":"incident-7544","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:47:38.238629Z","receivedAt":"2026-05-15T20:47:38.252756Z"},{"id":605,"fincertId":"FINCERT-2026-000605","incidentId":7536,"idempotencyKey":"incident-7536","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:38.042269Z","receivedAt":"2026-05-15T20:47:38.055937Z"},{"id":604,"fincertId":"FINCERT-2026-000604","incidentId":7530,"idempotencyKey":"incident-7530","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:47:37.892988Z","receivedAt":"2026-05-15T20:47:37.911314Z"},{"id":603,"fincertId":"FINCERT-2026-000603","incidentId":7529,"idempotencyKey":"incident-7529","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:47:37.824883Z","receivedAt":"2026-05-15T20:47:37.852886Z"},{"id":602,"fincertId":"FINCERT-2026-000602","incidentId":7527,"idempotencyKey":"incident-7527","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:37.745743Z","receivedAt":"2026-05-15T20:47:37.765489Z"},{"id":601,"fincertId":"FINCERT-2026-000601","incidentId":7523,"idempotencyKey":"incident-7523","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:37.624284Z","receivedAt":"2026-05-15T20:47:37.671678Z"},{"id":600,"fincertId":"FINCERT-2026-000600","incidentId":7518,"idempotencyKey":"incident-7518","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:37.488401Z","receivedAt":"2026-05-15T20:47:37.507412Z"},{"id":599,"fincertId":"FINCERT-2026-000599","incidentId":7516,"idempotencyKey":"incident-7516","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:37.426373Z","receivedAt":"2026-05-15T20:47:37.441661Z"},{"id":598,"fincertId":"FINCERT-2026-000598","incidentId":7512,"idempotencyKey":"incident-7512","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:37.269764Z","receivedAt":"2026-05-15T20:47:37.291748Z"},{"id":597,"fincertId":"FINCERT-2026-000597","incidentId":7511,"idempotencyKey":"incident-7511","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:47:37.230020Z","receivedAt":"2026-05-15T20:47:37.245884Z"},{"id":596,"fincertId":"FINCERT-2026-000596","incidentId":7502,"idempotencyKey":"incident-7502","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:37.042540Z","receivedAt":"2026-05-15T20:47:37.057404Z"},{"id":595,"fincertId":"FINCERT-2026-000595","incidentId":7500,"idempotencyKey":"incident-7500","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:47:36.998728Z","receivedAt":"2026-05-15T20:47:37.015718Z"},{"id":594,"fincertId":"FINCERT-2026-000594","incidentId":7499,"idempotencyKey":"incident-7499","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:47:36.952507Z","receivedAt":"2026-05-15T20:47:36.973670Z"},{"id":593,"fincertId":"FINCERT-2026-000593","incidentId":7493,"idempotencyKey":"incident-7493","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:47:36.800012Z","receivedAt":"2026-05-15T20:47:36.830837Z"},{"id":592,"fincertId":"FINCERT-2026-000592","incidentId":7483,"idempotencyKey":"incident-7483","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:47:36.527586Z","receivedAt":"2026-05-15T20:47:36.549284Z"},{"id":591,"fincertId":"FINCERT-2026-000591","incidentId":7477,"idempotencyKey":"incident-7477","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:36.375357Z","receivedAt":"2026-05-15T20:47:36.392522Z"},{"id":590,"fincertId":"FINCERT-2026-000590","incidentId":7465,"idempotencyKey":"incident-7465","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:36.072368Z","receivedAt":"2026-05-15T20:47:36.090947Z"},{"id":589,"fincertId":"FINCERT-2026-000589","incidentId":7451,"idempotencyKey":"incident-7451","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:35.694125Z","receivedAt":"2026-05-15T20:47:35.717580Z"},{"id":588,"fincertId":"FINCERT-2026-000588","incidentId":7448,"idempotencyKey":"incident-7448","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:47:35.584745Z","receivedAt":"2026-05-15T20:47:35.630889Z"},{"id":587,"fincertId":"FINCERT-2026-000587","incidentId":7444,"idempotencyKey":"incident-7444","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:31.578464Z","receivedAt":"2026-05-15T20:47:31.600144Z"},{"id":586,"fincertId":"FINCERT-2026-000586","incidentId":7442,"idempotencyKey":"incident-7442","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:29.580597Z","receivedAt":"2026-05-15T20:47:29.605774Z"},{"id":585,"fincertId":"FINCERT-2026-000585","incidentId":7438,"idempotencyKey":"incident-7438","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:47:25.577918Z","receivedAt":"2026-05-15T20:47:25.594432Z"},{"id":584,"fincertId":"FINCERT-2026-000584","incidentId":7436,"idempotencyKey":"incident-7436","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:47:23.578459Z","receivedAt":"2026-05-15T20:47:23.601071Z"},{"id":583,"fincertId":"FINCERT-2026-000583","incidentId":7433,"idempotencyKey":"incident-7433","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:47:20.577539Z","receivedAt":"2026-05-15T20:47:20.592132Z"},{"id":582,"fincertId":"FINCERT-2026-000582","incidentId":7430,"idempotencyKey":"incident-7430","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:17.577571Z","receivedAt":"2026-05-15T20:47:17.594507Z"},{"id":581,"fincertId":"FINCERT-2026-000581","incidentId":7428,"idempotencyKey":"incident-7428","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:47:15.579020Z","receivedAt":"2026-05-15T20:47:15.605875Z"},{"id":580,"fincertId":"FINCERT-2026-000580","incidentId":7419,"idempotencyKey":"incident-7419","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:47:06.594014Z","receivedAt":"2026-05-15T20:47:06.634349Z"},{"id":579,"fincertId":"FINCERT-2026-000579","incidentId":7413,"idempotencyKey":"incident-7413","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:47:00.579019Z","receivedAt":"2026-05-15T20:47:00.603726Z"},{"id":578,"fincertId":"FINCERT-2026-000578","incidentId":7409,"idempotencyKey":"incident-7409","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:46:56.578752Z","receivedAt":"2026-05-15T20:46:56.600318Z"},{"id":577,"fincertId":"FINCERT-2026-000577","incidentId":7408,"idempotencyKey":"incident-7408","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:46:55.578150Z","receivedAt":"2026-05-15T20:46:55.605017Z"},{"id":576,"fincertId":"FINCERT-2026-000576","incidentId":7399,"idempotencyKey":"incident-7399","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:46:46.577252Z","receivedAt":"2026-05-15T20:46:46.598060Z"},{"id":575,"fincertId":"FINCERT-2026-000575","incidentId":7396,"idempotencyKey":"incident-7396","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:46:43.581948Z","receivedAt":"2026-05-15T20:46:43.607093Z"},{"id":574,"fincertId":"FINCERT-2026-000574","incidentId":7395,"idempotencyKey":"incident-7395","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:46:42.578388Z","receivedAt":"2026-05-15T20:46:42.600114Z"},{"id":573,"fincertId":"FINCERT-2026-000573","incidentId":7392,"idempotencyKey":"incident-7392","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:46:39.577401Z","receivedAt":"2026-05-15T20:46:39.596400Z"},{"id":572,"fincertId":"FINCERT-2026-000572","incidentId":7388,"idempotencyKey":"incident-7388","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:46:35.576966Z","receivedAt":"2026-05-15T20:46:35.594998Z"},{"id":571,"fincertId":"FINCERT-2026-000571","incidentId":7386,"idempotencyKey":"incident-7386","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:46:33.577349Z","receivedAt":"2026-05-15T20:46:33.594022Z"},{"id":570,"fincertId":"FINCERT-2026-000570","incidentId":7383,"idempotencyKey":"incident-7383","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:46:30.576898Z","receivedAt":"2026-05-15T20:46:30.598711Z"},{"id":569,"fincertId":"FINCERT-2026-000569","incidentId":7378,"idempotencyKey":"incident-7378","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:46:25.578478Z","receivedAt":"2026-05-15T20:46:25.626658Z"},{"id":568,"fincertId":"FINCERT-2026-000568","incidentId":7375,"idempotencyKey":"incident-7375","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:46:22.580538Z","receivedAt":"2026-05-15T20:46:22.602246Z"},{"id":567,"fincertId":"FINCERT-2026-000567","incidentId":7373,"idempotencyKey":"incident-7373","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:46:20.577459Z","receivedAt":"2026-05-15T20:46:20.597385Z"},{"id":566,"fincertId":"FINCERT-2026-000566","incidentId":7371,"idempotencyKey":"incident-7371","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:46:18.578157Z","receivedAt":"2026-05-15T20:46:18.599794Z"},{"id":565,"fincertId":"FINCERT-2026-000565","incidentId":7362,"idempotencyKey":"incident-7362","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:46:09.579591Z","receivedAt":"2026-05-15T20:46:09.607054Z"},{"id":564,"fincertId":"FINCERT-2026-000564","incidentId":7356,"idempotencyKey":"incident-7356","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:46:03.578561Z","receivedAt":"2026-05-15T20:46:03.600614Z"},{"id":563,"fincertId":"FINCERT-2026-000563","incidentId":7355,"idempotencyKey":"incident-7355","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:46:02.580370Z","receivedAt":"2026-05-15T20:46:02.601459Z"},{"id":562,"fincertId":"FINCERT-2026-000562","incidentId":7352,"idempotencyKey":"incident-7352","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:45:59.579457Z","receivedAt":"2026-05-15T20:45:59.598353Z"},{"id":561,"fincertId":"FINCERT-2026-000561","incidentId":7351,"idempotencyKey":"incident-7351","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:45:58.578624Z","receivedAt":"2026-05-15T20:45:58.612777Z"},{"id":560,"fincertId":"FINCERT-2026-000560","incidentId":7348,"idempotencyKey":"incident-7348","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:45:55.579707Z","receivedAt":"2026-05-15T20:45:55.607414Z"},{"id":559,"fincertId":"FINCERT-2026-000559","incidentId":7342,"idempotencyKey":"incident-7342","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:45:49.578255Z","receivedAt":"2026-05-15T20:45:49.598138Z"},{"id":558,"fincertId":"FINCERT-2026-000558","incidentId":7339,"idempotencyKey":"incident-7339","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:45:46.587658Z","receivedAt":"2026-05-15T20:45:46.630422Z"},{"id":557,"fincertId":"FINCERT-2026-000557","incidentId":7335,"idempotencyKey":"incident-7335","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:45:42.578510Z","receivedAt":"2026-05-15T20:45:42.597463Z"},{"id":556,"fincertId":"FINCERT-2026-000556","incidentId":7334,"idempotencyKey":"incident-7334","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:45:41.578808Z","receivedAt":"2026-05-15T20:45:41.597352Z"},{"id":555,"fincertId":"FINCERT-2026-000555","incidentId":7333,"idempotencyKey":"incident-7333","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:45:40.578861Z","receivedAt":"2026-05-15T20:45:40.600888Z"},{"id":554,"fincertId":"FINCERT-2026-000554","incidentId":7330,"idempotencyKey":"incident-7330","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:45:37.577294Z","receivedAt":"2026-05-15T20:45:37.595759Z"},{"id":553,"fincertId":"FINCERT-2026-000553","incidentId":7329,"idempotencyKey":"incident-7329","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:45:36.576755Z","receivedAt":"2026-05-15T20:45:36.597132Z"},{"id":552,"fincertId":"FINCERT-2026-000552","incidentId":7319,"idempotencyKey":"incident-7319","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:45:26.577001Z","receivedAt":"2026-05-15T20:45:26.597663Z"},{"id":551,"fincertId":"FINCERT-2026-000551","incidentId":7317,"idempotencyKey":"incident-7317","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:45:24.584636Z","receivedAt":"2026-05-15T20:45:24.605697Z"},{"id":550,"fincertId":"FINCERT-2026-000550","incidentId":7314,"idempotencyKey":"incident-7314","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:45:21.577453Z","receivedAt":"2026-05-15T20:45:21.601335Z"},{"id":549,"fincertId":"FINCERT-2026-000549","incidentId":7308,"idempotencyKey":"incident-7308","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:45:15.579159Z","receivedAt":"2026-05-15T20:45:15.598848Z"},{"id":548,"fincertId":"FINCERT-2026-000548","incidentId":7304,"idempotencyKey":"incident-7304","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:45:11.578444Z","receivedAt":"2026-05-15T20:45:11.596779Z"},{"id":547,"fincertId":"FINCERT-2026-000547","incidentId":7302,"idempotencyKey":"incident-7302","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:45:09.578265Z","receivedAt":"2026-05-15T20:45:09.600656Z"},{"id":546,"fincertId":"FINCERT-2026-000546","incidentId":7291,"idempotencyKey":"incident-7291","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:44:58.578593Z","receivedAt":"2026-05-15T20:44:58.599968Z"},{"id":545,"fincertId":"FINCERT-2026-000545","incidentId":7279,"idempotencyKey":"incident-7279","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:46.579823Z","receivedAt":"2026-05-15T20:44:46.605313Z"},{"id":544,"fincertId":"FINCERT-2026-000544","incidentId":7277,"idempotencyKey":"incident-7277","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:44.577617Z","receivedAt":"2026-05-15T20:44:44.602402Z"},{"id":543,"fincertId":"FINCERT-2026-000543","incidentId":7273,"idempotencyKey":"incident-7273","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:44:40.580433Z","receivedAt":"2026-05-15T20:44:40.601792Z"},{"id":542,"fincertId":"FINCERT-2026-000542","incidentId":7272,"idempotencyKey":"incident-7272","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:44:39.579062Z","receivedAt":"2026-05-15T20:44:39.601763Z"},{"id":541,"fincertId":"FINCERT-2026-000541","incidentId":7271,"idempotencyKey":"incident-7271","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:38.577618Z","receivedAt":"2026-05-15T20:44:38.594404Z"},{"id":540,"fincertId":"FINCERT-2026-000540","incidentId":7269,"idempotencyKey":"incident-7269","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:44:36.582785Z","receivedAt":"2026-05-15T20:44:36.601041Z"},{"id":539,"fincertId":"FINCERT-2026-000539","incidentId":7267,"idempotencyKey":"incident-7267","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:44:34.603574Z","receivedAt":"2026-05-15T20:44:34.627408Z"},{"id":538,"fincertId":"FINCERT-2026-000538","incidentId":7264,"idempotencyKey":"incident-7264","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:31.578057Z","receivedAt":"2026-05-15T20:44:31.599991Z"},{"id":537,"fincertId":"FINCERT-2026-000537","incidentId":7261,"idempotencyKey":"incident-7261","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:44:28.579057Z","receivedAt":"2026-05-15T20:44:28.600868Z"},{"id":536,"fincertId":"FINCERT-2026-000536","incidentId":7255,"idempotencyKey":"incident-7255","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:22.577430Z","receivedAt":"2026-05-15T20:44:22.596491Z"},{"id":535,"fincertId":"FINCERT-2026-000535","incidentId":7254,"idempotencyKey":"incident-7254","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:21.577941Z","receivedAt":"2026-05-15T20:44:21.592872Z"},{"id":534,"fincertId":"FINCERT-2026-000534","incidentId":7253,"idempotencyKey":"incident-7253","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:20.578131Z","receivedAt":"2026-05-15T20:44:20.596907Z"},{"id":533,"fincertId":"FINCERT-2026-000533","incidentId":7246,"idempotencyKey":"incident-7246","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:44:13.581085Z","receivedAt":"2026-05-15T20:44:13.600074Z"},{"id":532,"fincertId":"FINCERT-2026-000532","incidentId":7244,"idempotencyKey":"incident-7244","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:11.578589Z","receivedAt":"2026-05-15T20:44:11.597816Z"},{"id":531,"fincertId":"FINCERT-2026-000531","incidentId":7241,"idempotencyKey":"incident-7241","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:08.589105Z","receivedAt":"2026-05-15T20:44:08.629059Z"},{"id":530,"fincertId":"FINCERT-2026-000530","incidentId":7239,"idempotencyKey":"incident-7239","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:06.579579Z","receivedAt":"2026-05-15T20:44:06.605811Z"},{"id":529,"fincertId":"FINCERT-2026-000529","incidentId":7236,"idempotencyKey":"incident-7236","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:03.589317Z","receivedAt":"2026-05-15T20:44:03.613476Z"},{"id":528,"fincertId":"FINCERT-2026-000528","incidentId":7234,"idempotencyKey":"incident-7234","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:44:01.577935Z","receivedAt":"2026-05-15T20:44:01.596617Z"},{"id":527,"fincertId":"FINCERT-2026-000527","incidentId":7233,"idempotencyKey":"incident-7233","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:44:00.578102Z","receivedAt":"2026-05-15T20:44:00.594369Z"},{"id":526,"fincertId":"FINCERT-2026-000526","incidentId":7230,"idempotencyKey":"incident-7230","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:43:57.580492Z","receivedAt":"2026-05-15T20:43:57.604237Z"},{"id":525,"fincertId":"FINCERT-2026-000525","incidentId":7228,"idempotencyKey":"incident-7228","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:43:55.579033Z","receivedAt":"2026-05-15T20:43:55.605784Z"},{"id":524,"fincertId":"FINCERT-2026-000524","incidentId":7226,"idempotencyKey":"incident-7226","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:43:53.579305Z","receivedAt":"2026-05-15T20:43:53.595325Z"},{"id":523,"fincertId":"FINCERT-2026-000523","incidentId":7222,"idempotencyKey":"incident-7222","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:43:49.585445Z","receivedAt":"2026-05-15T20:43:49.606438Z"},{"id":522,"fincertId":"FINCERT-2026-000522","incidentId":7220,"idempotencyKey":"incident-7220","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:43:47.578755Z","receivedAt":"2026-05-15T20:43:47.604294Z"},{"id":521,"fincertId":"FINCERT-2026-000521","incidentId":7216,"idempotencyKey":"incident-7216","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:43:43.578021Z","receivedAt":"2026-05-15T20:43:43.593665Z"},{"id":520,"fincertId":"FINCERT-2026-000520","incidentId":7215,"idempotencyKey":"incident-7215","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:43:42.578028Z","receivedAt":"2026-05-15T20:43:42.597534Z"},{"id":519,"fincertId":"FINCERT-2026-000519","incidentId":7212,"idempotencyKey":"incident-7212","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:43:39.577030Z","receivedAt":"2026-05-15T20:43:39.598314Z"},{"id":518,"fincertId":"FINCERT-2026-000518","incidentId":7207,"idempotencyKey":"incident-7207","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:43:34.577461Z","receivedAt":"2026-05-15T20:43:34.601108Z"},{"id":517,"fincertId":"FINCERT-2026-000517","incidentId":7202,"idempotencyKey":"incident-7202","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:43:29.586255Z","receivedAt":"2026-05-15T20:43:29.604435Z"},{"id":516,"fincertId":"FINCERT-2026-000516","incidentId":7195,"idempotencyKey":"incident-7195","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:43:22.578047Z","receivedAt":"2026-05-15T20:43:22.597651Z"},{"id":515,"fincertId":"FINCERT-2026-000515","incidentId":7193,"idempotencyKey":"incident-7193","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:43:20.577311Z","receivedAt":"2026-05-15T20:43:20.591792Z"},{"id":514,"fincertId":"FINCERT-2026-000514","incidentId":7190,"idempotencyKey":"incident-7190","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:43:17.578400Z","receivedAt":"2026-05-15T20:43:17.593627Z"},{"id":513,"fincertId":"FINCERT-2026-000513","incidentId":7189,"idempotencyKey":"incident-7189","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:43:16.578655Z","receivedAt":"2026-05-15T20:43:16.594863Z"},{"id":512,"fincertId":"FINCERT-2026-000512","incidentId":7186,"idempotencyKey":"incident-7186","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:43:13.579070Z","receivedAt":"2026-05-15T20:43:13.602Z"},{"id":511,"fincertId":"FINCERT-2026-000511","incidentId":7182,"idempotencyKey":"incident-7182","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:43:09.579494Z","receivedAt":"2026-05-15T20:43:09.601821Z"},{"id":510,"fincertId":"FINCERT-2026-000510","incidentId":7176,"idempotencyKey":"incident-7176","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:43:03.579244Z","receivedAt":"2026-05-15T20:43:03.617144Z"},{"id":509,"fincertId":"FINCERT-2026-000509","incidentId":7174,"idempotencyKey":"incident-7174","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:43:01.587742Z","receivedAt":"2026-05-15T20:43:01.613775Z"},{"id":508,"fincertId":"FINCERT-2026-000508","incidentId":7173,"idempotencyKey":"incident-7173","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:43:00.577577Z","receivedAt":"2026-05-15T20:43:00.592624Z"},{"id":507,"fincertId":"FINCERT-2026-000507","incidentId":7172,"idempotencyKey":"incident-7172","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:42:59.582112Z","receivedAt":"2026-05-15T20:42:59.627559Z"},{"id":506,"fincertId":"FINCERT-2026-000506","incidentId":7169,"idempotencyKey":"incident-7169","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:42:56.577629Z","receivedAt":"2026-05-15T20:42:56.594927Z"},{"id":505,"fincertId":"FINCERT-2026-000505","incidentId":7168,"idempotencyKey":"incident-7168","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:42:55.577814Z","receivedAt":"2026-05-15T20:42:55.596284Z"},{"id":504,"fincertId":"FINCERT-2026-000504","incidentId":7163,"idempotencyKey":"incident-7163","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:42:50.579776Z","receivedAt":"2026-05-15T20:42:50.598801Z"},{"id":503,"fincertId":"FINCERT-2026-000503","incidentId":7160,"idempotencyKey":"incident-7160","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:42:47.580030Z","receivedAt":"2026-05-15T20:42:47.597891Z"},{"id":502,"fincertId":"FINCERT-2026-000502","incidentId":7159,"idempotencyKey":"incident-7159","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:42:46.577750Z","receivedAt":"2026-05-15T20:42:46.592967Z"},{"id":501,"fincertId":"FINCERT-2026-000501","incidentId":7158,"idempotencyKey":"incident-7158","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:42:45.578965Z","receivedAt":"2026-05-15T20:42:45.594919Z"},{"id":500,"fincertId":"FINCERT-2026-000500","incidentId":7154,"idempotencyKey":"incident-7154","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:42:41.577556Z","receivedAt":"2026-05-15T20:42:41.606096Z"},{"id":499,"fincertId":"FINCERT-2026-000499","incidentId":7151,"idempotencyKey":"incident-7151","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:42:38.577503Z","receivedAt":"2026-05-15T20:42:38.595837Z"},{"id":498,"fincertId":"FINCERT-2026-000498","incidentId":7147,"idempotencyKey":"incident-7147","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:42:34.580704Z","receivedAt":"2026-05-15T20:42:34.600115Z"},{"id":497,"fincertId":"FINCERT-2026-000497","incidentId":7144,"idempotencyKey":"incident-7144","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:42:31.581417Z","receivedAt":"2026-05-15T20:42:31.620385Z"},{"id":496,"fincertId":"FINCERT-2026-000496","incidentId":7136,"idempotencyKey":"incident-7136","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:42:23.578588Z","receivedAt":"2026-05-15T20:42:23.594305Z"},{"id":495,"fincertId":"FINCERT-2026-000495","incidentId":7135,"idempotencyKey":"incident-7135","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:42:22.577662Z","receivedAt":"2026-05-15T20:42:22.596540Z"},{"id":494,"fincertId":"FINCERT-2026-000494","incidentId":7134,"idempotencyKey":"incident-7134","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:42:21.581663Z","receivedAt":"2026-05-15T20:42:21.602624Z"},{"id":493,"fincertId":"FINCERT-2026-000493","incidentId":7132,"idempotencyKey":"incident-7132","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:42:19.578882Z","receivedAt":"2026-05-15T20:42:19.604787Z"},{"id":492,"fincertId":"FINCERT-2026-000492","incidentId":7121,"idempotencyKey":"incident-7121","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:42:08.577016Z","receivedAt":"2026-05-15T20:42:08.593012Z"},{"id":491,"fincertId":"FINCERT-2026-000491","incidentId":7120,"idempotencyKey":"incident-7120","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:42:07.577563Z","receivedAt":"2026-05-15T20:42:07.598540Z"},{"id":490,"fincertId":"FINCERT-2026-000490","incidentId":7118,"idempotencyKey":"incident-7118","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:42:05.581922Z","receivedAt":"2026-05-15T20:42:05.601512Z"},{"id":489,"fincertId":"FINCERT-2026-000489","incidentId":7116,"idempotencyKey":"incident-7116","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:42:03.578486Z","receivedAt":"2026-05-15T20:42:03.602100Z"},{"id":488,"fincertId":"FINCERT-2026-000488","incidentId":7115,"idempotencyKey":"incident-7115","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:42:02.577954Z","receivedAt":"2026-05-15T20:42:02.598130Z"},{"id":487,"fincertId":"FINCERT-2026-000487","incidentId":7111,"idempotencyKey":"incident-7111","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:41:58.577987Z","receivedAt":"2026-05-15T20:41:58.602004Z"},{"id":486,"fincertId":"FINCERT-2026-000486","incidentId":7096,"idempotencyKey":"incident-7096","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:41:43.580944Z","receivedAt":"2026-05-15T20:41:43.604600Z"},{"id":485,"fincertId":"FINCERT-2026-000485","incidentId":7093,"idempotencyKey":"incident-7093","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:41:40.579790Z","receivedAt":"2026-05-15T20:41:40.602293Z"},{"id":484,"fincertId":"FINCERT-2026-000484","incidentId":7090,"idempotencyKey":"incident-7090","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:41:37.581227Z","receivedAt":"2026-05-15T20:41:37.610039Z"},{"id":483,"fincertId":"FINCERT-2026-000483","incidentId":7089,"idempotencyKey":"incident-7089","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:41:36.578342Z","receivedAt":"2026-05-15T20:41:36.600069Z"},{"id":482,"fincertId":"FINCERT-2026-000482","incidentId":7083,"idempotencyKey":"incident-7083","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:41:30.579765Z","receivedAt":"2026-05-15T20:41:30.601959Z"},{"id":481,"fincertId":"FINCERT-2026-000481","incidentId":7078,"idempotencyKey":"incident-7078","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:41:25.579795Z","receivedAt":"2026-05-15T20:41:25.599285Z"},{"id":480,"fincertId":"FINCERT-2026-000480","incidentId":7074,"idempotencyKey":"incident-7074","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:41:21.582670Z","receivedAt":"2026-05-15T20:41:21.604651Z"},{"id":479,"fincertId":"FINCERT-2026-000479","incidentId":7071,"idempotencyKey":"incident-7071","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:41:18.583835Z","receivedAt":"2026-05-15T20:41:18.607892Z"},{"id":478,"fincertId":"FINCERT-2026-000478","incidentId":7070,"idempotencyKey":"incident-7070","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:41:17.578211Z","receivedAt":"2026-05-15T20:41:17.598401Z"},{"id":477,"fincertId":"FINCERT-2026-000477","incidentId":7064,"idempotencyKey":"incident-7064","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:41:11.580299Z","receivedAt":"2026-05-15T20:41:11.600428Z"},{"id":476,"fincertId":"FINCERT-2026-000476","incidentId":7057,"idempotencyKey":"incident-7057","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:41:04.580342Z","receivedAt":"2026-05-15T20:41:04.612343Z"},{"id":475,"fincertId":"FINCERT-2026-000475","incidentId":7055,"idempotencyKey":"incident-7055","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:41:02.578529Z","receivedAt":"2026-05-15T20:41:02.598319Z"},{"id":474,"fincertId":"FINCERT-2026-000474","incidentId":7051,"idempotencyKey":"incident-7051","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:40:58.578585Z","receivedAt":"2026-05-15T20:40:58.609375Z"},{"id":473,"fincertId":"FINCERT-2026-000473","incidentId":7045,"idempotencyKey":"incident-7045","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:40:52.579370Z","receivedAt":"2026-05-15T20:40:52.610472Z"},{"id":472,"fincertId":"FINCERT-2026-000472","incidentId":7040,"idempotencyKey":"incident-7040","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:40:47.581640Z","receivedAt":"2026-05-15T20:40:47.607262Z"},{"id":471,"fincertId":"FINCERT-2026-000471","incidentId":7036,"idempotencyKey":"incident-7036","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:40:43.581363Z","receivedAt":"2026-05-15T20:40:43.614982Z"},{"id":470,"fincertId":"FINCERT-2026-000470","incidentId":7033,"idempotencyKey":"incident-7033","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:40:40.579356Z","receivedAt":"2026-05-15T20:40:40.613127Z"},{"id":469,"fincertId":"FINCERT-2026-000469","incidentId":7030,"idempotencyKey":"incident-7030","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:40:37.579794Z","receivedAt":"2026-05-15T20:40:37.600280Z"},{"id":468,"fincertId":"FINCERT-2026-000468","incidentId":7029,"idempotencyKey":"incident-7029","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:40:36.578457Z","receivedAt":"2026-05-15T20:40:36.601707Z"},{"id":467,"fincertId":"FINCERT-2026-000467","incidentId":7028,"idempotencyKey":"incident-7028","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:40:35.580660Z","receivedAt":"2026-05-15T20:40:35.608969Z"},{"id":466,"fincertId":"FINCERT-2026-000466","incidentId":7026,"idempotencyKey":"incident-7026","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:40:33.590672Z","receivedAt":"2026-05-15T20:40:33.626287Z"},{"id":465,"fincertId":"FINCERT-2026-000465","incidentId":7009,"idempotencyKey":"incident-7009","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:40:16.584345Z","receivedAt":"2026-05-15T20:40:16.611313Z"},{"id":464,"fincertId":"FINCERT-2026-000464","incidentId":7008,"idempotencyKey":"incident-7008","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:40:15.579463Z","receivedAt":"2026-05-15T20:40:15.605831Z"},{"id":463,"fincertId":"FINCERT-2026-000463","incidentId":7006,"idempotencyKey":"incident-7006","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:40:13.582821Z","receivedAt":"2026-05-15T20:40:13.605340Z"},{"id":462,"fincertId":"FINCERT-2026-000462","incidentId":6991,"idempotencyKey":"incident-6991","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:39:58.578075Z","receivedAt":"2026-05-15T20:39:58.594714Z"},{"id":461,"fincertId":"FINCERT-2026-000461","incidentId":6989,"idempotencyKey":"incident-6989","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:39:56.581840Z","receivedAt":"2026-05-15T20:39:56.603603Z"},{"id":460,"fincertId":"FINCERT-2026-000460","incidentId":6987,"idempotencyKey":"incident-6987","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:39:54.578119Z","receivedAt":"2026-05-15T20:39:54.600930Z"},{"id":459,"fincertId":"FINCERT-2026-000459","incidentId":6986,"idempotencyKey":"incident-6986","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:39:53.589664Z","receivedAt":"2026-05-15T20:39:53.613085Z"},{"id":458,"fincertId":"FINCERT-2026-000458","incidentId":6982,"idempotencyKey":"incident-6982","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:39:49.584055Z","receivedAt":"2026-05-15T20:39:49.626924Z"},{"id":457,"fincertId":"FINCERT-2026-000457","incidentId":6975,"idempotencyKey":"incident-6975","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:39:42.578510Z","receivedAt":"2026-05-15T20:39:42.595989Z"},{"id":456,"fincertId":"FINCERT-2026-000456","incidentId":6973,"idempotencyKey":"incident-6973","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:39:40.578027Z","receivedAt":"2026-05-15T20:39:40.598355Z"},{"id":455,"fincertId":"FINCERT-2026-000455","incidentId":6971,"idempotencyKey":"incident-6971","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:39:38.579544Z","receivedAt":"2026-05-15T20:39:38.603833Z"},{"id":454,"fincertId":"FINCERT-2026-000454","incidentId":6966,"idempotencyKey":"incident-6966","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:39:33.584166Z","receivedAt":"2026-05-15T20:39:33.610636Z"},{"id":453,"fincertId":"FINCERT-2026-000453","incidentId":6960,"idempotencyKey":"incident-6960","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:39:27.579411Z","receivedAt":"2026-05-15T20:39:27.605687Z"},{"id":452,"fincertId":"FINCERT-2026-000452","incidentId":6943,"idempotencyKey":"incident-6943","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:39:10.578312Z","receivedAt":"2026-05-15T20:39:10.599669Z"},{"id":451,"fincertId":"FINCERT-2026-000451","incidentId":6934,"idempotencyKey":"incident-6934","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:39:01.579139Z","receivedAt":"2026-05-15T20:39:01.602112Z"},{"id":450,"fincertId":"FINCERT-2026-000450","incidentId":6927,"idempotencyKey":"incident-6927","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:38:54.579491Z","receivedAt":"2026-05-15T20:38:54.599893Z"},{"id":449,"fincertId":"FINCERT-2026-000449","incidentId":6922,"idempotencyKey":"incident-6922","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:38:49.579682Z","receivedAt":"2026-05-15T20:38:49.599114Z"},{"id":448,"fincertId":"FINCERT-2026-000448","incidentId":6920,"idempotencyKey":"incident-6920","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:38:47.592541Z","receivedAt":"2026-05-15T20:38:47.637859Z"},{"id":447,"fincertId":"FINCERT-2026-000447","incidentId":6904,"idempotencyKey":"incident-6904","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:38:31.583789Z","receivedAt":"2026-05-15T20:38:31.609267Z"},{"id":446,"fincertId":"FINCERT-2026-000446","incidentId":6895,"idempotencyKey":"incident-6895","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:38:22.579264Z","receivedAt":"2026-05-15T20:38:22.609043Z"},{"id":445,"fincertId":"FINCERT-2026-000445","incidentId":6894,"idempotencyKey":"incident-6894","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:38:21.580809Z","receivedAt":"2026-05-15T20:38:21.599735Z"},{"id":444,"fincertId":"FINCERT-2026-000444","incidentId":6892,"idempotencyKey":"incident-6892","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:38:19.578824Z","receivedAt":"2026-05-15T20:38:19.599643Z"},{"id":443,"fincertId":"FINCERT-2026-000443","incidentId":6890,"idempotencyKey":"incident-6890","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:38:17.579789Z","receivedAt":"2026-05-15T20:38:17.604452Z"},{"id":442,"fincertId":"FINCERT-2026-000442","incidentId":6885,"idempotencyKey":"incident-6885","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:38:12.583521Z","receivedAt":"2026-05-15T20:38:12.607149Z"},{"id":441,"fincertId":"FINCERT-2026-000441","incidentId":6878,"idempotencyKey":"incident-6878","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:38:05.580439Z","receivedAt":"2026-05-15T20:38:05.603520Z"},{"id":440,"fincertId":"FINCERT-2026-000440","incidentId":6877,"idempotencyKey":"incident-6877","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:38:04.578455Z","receivedAt":"2026-05-15T20:38:04.601730Z"},{"id":439,"fincertId":"FINCERT-2026-000439","incidentId":6876,"idempotencyKey":"incident-6876","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:38:03.584413Z","receivedAt":"2026-05-15T20:38:03.606708Z"},{"id":438,"fincertId":"FINCERT-2026-000438","incidentId":6874,"idempotencyKey":"incident-6874","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:38:01.579002Z","receivedAt":"2026-05-15T20:38:01.600065Z"},{"id":437,"fincertId":"FINCERT-2026-000437","incidentId":6869,"idempotencyKey":"incident-6869","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:37:56.584998Z","receivedAt":"2026-05-15T20:37:56.609989Z"},{"id":436,"fincertId":"FINCERT-2026-000436","incidentId":6866,"idempotencyKey":"incident-6866","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:37:53.582306Z","receivedAt":"2026-05-15T20:37:53.607741Z"},{"id":435,"fincertId":"FINCERT-2026-000435","incidentId":6861,"idempotencyKey":"incident-6861","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:37:48.587243Z","receivedAt":"2026-05-15T20:37:48.614242Z"},{"id":434,"fincertId":"FINCERT-2026-000434","incidentId":6858,"idempotencyKey":"incident-6858","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:37:38.234019Z","receivedAt":"2026-05-15T20:37:38.253407Z"},{"id":433,"fincertId":"FINCERT-2026-000433","incidentId":6856,"idempotencyKey":"incident-6856","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:37:36.231734Z","receivedAt":"2026-05-15T20:37:36.270007Z"},{"id":432,"fincertId":"FINCERT-2026-000432","incidentId":6849,"idempotencyKey":"incident-6849","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:37:29.240413Z","receivedAt":"2026-05-15T20:37:29.282836Z"},{"id":431,"fincertId":"FINCERT-2026-000431","incidentId":6846,"idempotencyKey":"incident-6846","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:37:26.235243Z","receivedAt":"2026-05-15T20:37:26.264520Z"},{"id":430,"fincertId":"FINCERT-2026-000430","incidentId":6845,"idempotencyKey":"incident-6845","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:37:25.231313Z","receivedAt":"2026-05-15T20:37:25.259149Z"},{"id":429,"fincertId":"FINCERT-2026-000429","incidentId":6842,"idempotencyKey":"incident-6842","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:37:22.232977Z","receivedAt":"2026-05-15T20:37:22.266799Z"},{"id":428,"fincertId":"FINCERT-2026-000428","incidentId":6839,"idempotencyKey":"incident-6839","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:37:19.233954Z","receivedAt":"2026-05-15T20:37:19.297709Z"},{"id":427,"fincertId":"FINCERT-2026-000427","incidentId":6833,"idempotencyKey":"incident-6833","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:37:13.232480Z","receivedAt":"2026-05-15T20:37:13.253467Z"},{"id":426,"fincertId":"FINCERT-2026-000426","incidentId":6831,"idempotencyKey":"incident-6831","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:37:11.231572Z","receivedAt":"2026-05-15T20:37:11.262930Z"},{"id":425,"fincertId":"FINCERT-2026-000425","incidentId":6828,"idempotencyKey":"incident-6828","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:37:08.230805Z","receivedAt":"2026-05-15T20:37:08.250409Z"},{"id":424,"fincertId":"FINCERT-2026-000424","incidentId":6827,"idempotencyKey":"incident-6827","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:37:07.230616Z","receivedAt":"2026-05-15T20:37:07.252210Z"},{"id":423,"fincertId":"FINCERT-2026-000423","incidentId":6826,"idempotencyKey":"incident-6826","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:37:06.232412Z","receivedAt":"2026-05-15T20:37:06.266032Z"},{"id":422,"fincertId":"FINCERT-2026-000422","incidentId":6821,"idempotencyKey":"incident-6821","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:37:01.231904Z","receivedAt":"2026-05-15T20:37:01.256066Z"},{"id":421,"fincertId":"FINCERT-2026-000421","incidentId":6818,"idempotencyKey":"incident-6818","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:36:58.235945Z","receivedAt":"2026-05-15T20:36:58.260658Z"},{"id":420,"fincertId":"FINCERT-2026-000420","incidentId":6813,"idempotencyKey":"incident-6813","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:36:53.239385Z","receivedAt":"2026-05-15T20:36:53.265723Z"},{"id":419,"fincertId":"FINCERT-2026-000419","incidentId":6812,"idempotencyKey":"incident-6812","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:36:52.229745Z","receivedAt":"2026-05-15T20:36:52.244886Z"},{"id":418,"fincertId":"FINCERT-2026-000418","incidentId":6809,"idempotencyKey":"incident-6809","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:36:49.236663Z","receivedAt":"2026-05-15T20:36:49.254989Z"},{"id":417,"fincertId":"FINCERT-2026-000417","incidentId":6805,"idempotencyKey":"incident-6805","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:36:45.234113Z","receivedAt":"2026-05-15T20:36:45.261487Z"},{"id":416,"fincertId":"FINCERT-2026-000416","incidentId":6804,"idempotencyKey":"incident-6804","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:36:44.229772Z","receivedAt":"2026-05-15T20:36:44.248303Z"},{"id":415,"fincertId":"FINCERT-2026-000415","incidentId":6803,"idempotencyKey":"incident-6803","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:36:43.231434Z","receivedAt":"2026-05-15T20:36:43.255608Z"},{"id":414,"fincertId":"FINCERT-2026-000414","incidentId":6801,"idempotencyKey":"incident-6801","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:36:41.229743Z","receivedAt":"2026-05-15T20:36:41.251263Z"},{"id":413,"fincertId":"FINCERT-2026-000413","incidentId":6796,"idempotencyKey":"incident-6796","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:36:36.231938Z","receivedAt":"2026-05-15T20:36:36.265855Z"},{"id":412,"fincertId":"FINCERT-2026-000412","incidentId":6790,"idempotencyKey":"incident-6790","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:36:30.231399Z","receivedAt":"2026-05-15T20:36:30.258447Z"},{"id":411,"fincertId":"FINCERT-2026-000411","incidentId":6788,"idempotencyKey":"incident-6788","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:36:28.230121Z","receivedAt":"2026-05-15T20:36:28.250767Z"},{"id":410,"fincertId":"FINCERT-2026-000410","incidentId":6787,"idempotencyKey":"incident-6787","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:36:27.232502Z","receivedAt":"2026-05-15T20:36:27.264731Z"},{"id":409,"fincertId":"FINCERT-2026-000409","incidentId":6785,"idempotencyKey":"incident-6785","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:36:25.237704Z","receivedAt":"2026-05-15T20:36:25.262477Z"},{"id":408,"fincertId":"FINCERT-2026-000408","incidentId":6783,"idempotencyKey":"incident-6783","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:36:23.229361Z","receivedAt":"2026-05-15T20:36:23.250722Z"},{"id":407,"fincertId":"FINCERT-2026-000407","incidentId":6782,"idempotencyKey":"incident-6782","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:36:22.233939Z","receivedAt":"2026-05-15T20:36:22.257718Z"},{"id":406,"fincertId":"FINCERT-2026-000406","incidentId":6778,"idempotencyKey":"incident-6778","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:36:18.230382Z","receivedAt":"2026-05-15T20:36:18.247756Z"},{"id":405,"fincertId":"FINCERT-2026-000405","incidentId":6774,"idempotencyKey":"incident-6774","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:36:14.234648Z","receivedAt":"2026-05-15T20:36:14.259501Z"},{"id":404,"fincertId":"FINCERT-2026-000404","incidentId":6772,"idempotencyKey":"incident-6772","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:36:12.230522Z","receivedAt":"2026-05-15T20:36:12.251624Z"},{"id":403,"fincertId":"FINCERT-2026-000403","incidentId":6770,"idempotencyKey":"incident-6770","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:36:10.233608Z","receivedAt":"2026-05-15T20:36:10.282779Z"},{"id":402,"fincertId":"FINCERT-2026-000402","incidentId":6768,"idempotencyKey":"incident-6768","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:36:08.233576Z","receivedAt":"2026-05-15T20:36:08.265404Z"},{"id":401,"fincertId":"FINCERT-2026-000401","incidentId":6763,"idempotencyKey":"incident-6763","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:36:03.229904Z","receivedAt":"2026-05-15T20:36:03.256551Z"},{"id":400,"fincertId":"FINCERT-2026-000400","incidentId":6761,"idempotencyKey":"incident-6761","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:36:01.230794Z","receivedAt":"2026-05-15T20:36:01.257673Z"},{"id":399,"fincertId":"FINCERT-2026-000399","incidentId":6760,"idempotencyKey":"incident-6760","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:36:00.230005Z","receivedAt":"2026-05-15T20:36:00.251124Z"},{"id":398,"fincertId":"FINCERT-2026-000398","incidentId":6759,"idempotencyKey":"incident-6759","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:35:59.230486Z","receivedAt":"2026-05-15T20:35:59.259920Z"},{"id":397,"fincertId":"FINCERT-2026-000397","incidentId":6757,"idempotencyKey":"incident-6757","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:35:57.231072Z","receivedAt":"2026-05-15T20:35:57.254003Z"},{"id":396,"fincertId":"FINCERT-2026-000396","incidentId":6756,"idempotencyKey":"incident-6756","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:35:56.232736Z","receivedAt":"2026-05-15T20:35:56.276107Z"},{"id":395,"fincertId":"FINCERT-2026-000395","incidentId":6753,"idempotencyKey":"incident-6753","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:35:53.229853Z","receivedAt":"2026-05-15T20:35:53.251314Z"},{"id":394,"fincertId":"FINCERT-2026-000394","incidentId":6751,"idempotencyKey":"incident-6751","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:35:51.235151Z","receivedAt":"2026-05-15T20:35:51.272426Z"},{"id":393,"fincertId":"FINCERT-2026-000393","incidentId":6749,"idempotencyKey":"incident-6749","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:35:49.229757Z","receivedAt":"2026-05-15T20:35:49.246691Z"},{"id":392,"fincertId":"FINCERT-2026-000392","incidentId":6748,"idempotencyKey":"incident-6748","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:35:48.232893Z","receivedAt":"2026-05-15T20:35:48.255386Z"},{"id":391,"fincertId":"FINCERT-2026-000391","incidentId":6747,"idempotencyKey":"incident-6747","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:35:47.229381Z","receivedAt":"2026-05-15T20:35:47.247652Z"},{"id":390,"fincertId":"FINCERT-2026-000390","incidentId":6745,"idempotencyKey":"incident-6745","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:35:45.232620Z","receivedAt":"2026-05-15T20:35:45.254914Z"},{"id":389,"fincertId":"FINCERT-2026-000389","incidentId":6742,"idempotencyKey":"incident-6742","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:35:42.230778Z","receivedAt":"2026-05-15T20:35:42.250889Z"},{"id":388,"fincertId":"FINCERT-2026-000388","incidentId":6740,"idempotencyKey":"incident-6740","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:35:40.231794Z","receivedAt":"2026-05-15T20:35:40.252040Z"},{"id":387,"fincertId":"FINCERT-2026-000387","incidentId":6739,"idempotencyKey":"incident-6739","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:35:39.231769Z","receivedAt":"2026-05-15T20:35:39.263758Z"},{"id":386,"fincertId":"FINCERT-2026-000386","incidentId":6734,"idempotencyKey":"incident-6734","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:35:34.231764Z","receivedAt":"2026-05-15T20:35:34.260937Z"},{"id":385,"fincertId":"FINCERT-2026-000385","incidentId":6733,"idempotencyKey":"incident-6733","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:35:33.229789Z","receivedAt":"2026-05-15T20:35:33.247906Z"},{"id":384,"fincertId":"FINCERT-2026-000384","incidentId":6731,"idempotencyKey":"incident-6731","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:35:31.230529Z","receivedAt":"2026-05-15T20:35:31.260982Z"},{"id":383,"fincertId":"FINCERT-2026-000383","incidentId":6730,"idempotencyKey":"incident-6730","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:35:30.229838Z","receivedAt":"2026-05-15T20:35:30.250267Z"},{"id":382,"fincertId":"FINCERT-2026-000382","incidentId":6723,"idempotencyKey":"incident-6723","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:35:23.233034Z","receivedAt":"2026-05-15T20:35:23.267050Z"},{"id":381,"fincertId":"FINCERT-2026-000381","incidentId":6721,"idempotencyKey":"incident-6721","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:35:21.232730Z","receivedAt":"2026-05-15T20:35:21.255966Z"},{"id":380,"fincertId":"FINCERT-2026-000380","incidentId":6717,"idempotencyKey":"incident-6717","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:35:17.232488Z","receivedAt":"2026-05-15T20:35:17.259096Z"},{"id":379,"fincertId":"FINCERT-2026-000379","incidentId":6715,"idempotencyKey":"incident-6715","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:35:15.232311Z","receivedAt":"2026-05-15T20:35:15.256371Z"},{"id":378,"fincertId":"FINCERT-2026-000378","incidentId":6714,"idempotencyKey":"incident-6714","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:35:14.230624Z","receivedAt":"2026-05-15T20:35:14.248488Z"},{"id":377,"fincertId":"FINCERT-2026-000377","incidentId":6713,"idempotencyKey":"incident-6713","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:35:13.229664Z","receivedAt":"2026-05-15T20:35:13.247252Z"},{"id":376,"fincertId":"FINCERT-2026-000376","incidentId":6712,"idempotencyKey":"incident-6712","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:35:12.229931Z","receivedAt":"2026-05-15T20:35:12.246522Z"},{"id":375,"fincertId":"FINCERT-2026-000375","incidentId":6711,"idempotencyKey":"incident-6711","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:35:11.229888Z","receivedAt":"2026-05-15T20:35:11.246111Z"},{"id":374,"fincertId":"FINCERT-2026-000374","incidentId":6709,"idempotencyKey":"incident-6709","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:35:09.231420Z","receivedAt":"2026-05-15T20:35:09.252514Z"},{"id":373,"fincertId":"FINCERT-2026-000373","incidentId":6707,"idempotencyKey":"incident-6707","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:35:07.230078Z","receivedAt":"2026-05-15T20:35:07.246744Z"},{"id":372,"fincertId":"FINCERT-2026-000372","incidentId":6704,"idempotencyKey":"incident-6704","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:35:04.233129Z","receivedAt":"2026-05-15T20:35:04.257263Z"},{"id":371,"fincertId":"FINCERT-2026-000371","incidentId":6701,"idempotencyKey":"incident-6701","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:35:01.231962Z","receivedAt":"2026-05-15T20:35:01.252467Z"},{"id":370,"fincertId":"FINCERT-2026-000370","incidentId":6700,"idempotencyKey":"incident-6700","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:35:00.230654Z","receivedAt":"2026-05-15T20:35:00.249083Z"},{"id":369,"fincertId":"FINCERT-2026-000369","incidentId":6698,"idempotencyKey":"incident-6698","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:34:58.231824Z","receivedAt":"2026-05-15T20:34:58.255734Z"},{"id":368,"fincertId":"FINCERT-2026-000368","incidentId":6696,"idempotencyKey":"incident-6696","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:34:56.231902Z","receivedAt":"2026-05-15T20:34:56.252557Z"},{"id":367,"fincertId":"FINCERT-2026-000367","incidentId":6695,"idempotencyKey":"incident-6695","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:34:55.233941Z","receivedAt":"2026-05-15T20:34:55.268337Z"},{"id":366,"fincertId":"FINCERT-2026-000366","incidentId":6693,"idempotencyKey":"incident-6693","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:34:53.230162Z","receivedAt":"2026-05-15T20:34:53.248969Z"},{"id":365,"fincertId":"FINCERT-2026-000365","incidentId":6692,"idempotencyKey":"incident-6692","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:34:52.231279Z","receivedAt":"2026-05-15T20:34:52.260965Z"},{"id":364,"fincertId":"FINCERT-2026-000364","incidentId":6684,"idempotencyKey":"incident-6684","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:34:44.230801Z","receivedAt":"2026-05-15T20:34:44.250788Z"},{"id":363,"fincertId":"FINCERT-2026-000363","incidentId":6679,"idempotencyKey":"incident-6679","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:34:39.233893Z","receivedAt":"2026-05-15T20:34:39.266664Z"},{"id":362,"fincertId":"FINCERT-2026-000362","incidentId":6675,"idempotencyKey":"incident-6675","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:34:35.231962Z","receivedAt":"2026-05-15T20:34:35.252544Z"},{"id":361,"fincertId":"FINCERT-2026-000361","incidentId":6674,"idempotencyKey":"incident-6674","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:34:34.230843Z","receivedAt":"2026-05-15T20:34:34.248675Z"},{"id":360,"fincertId":"FINCERT-2026-000360","incidentId":6673,"idempotencyKey":"incident-6673","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:34:33.237167Z","receivedAt":"2026-05-15T20:34:33.261066Z"},{"id":359,"fincertId":"FINCERT-2026-000359","incidentId":6672,"idempotencyKey":"incident-6672","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:34:32.232394Z","receivedAt":"2026-05-15T20:34:32.256444Z"},{"id":358,"fincertId":"FINCERT-2026-000358","incidentId":6671,"idempotencyKey":"incident-6671","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:34:31.230135Z","receivedAt":"2026-05-15T20:34:31.248666Z"},{"id":357,"fincertId":"FINCERT-2026-000357","incidentId":6669,"idempotencyKey":"incident-6669","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:34:29.231518Z","receivedAt":"2026-05-15T20:34:29.255405Z"},{"id":356,"fincertId":"FINCERT-2026-000356","incidentId":6668,"idempotencyKey":"incident-6668","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:34:28.236098Z","receivedAt":"2026-05-15T20:34:28.259516Z"},{"id":355,"fincertId":"FINCERT-2026-000355","incidentId":6664,"idempotencyKey":"incident-6664","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:34:24.232621Z","receivedAt":"2026-05-15T20:34:24.264245Z"},{"id":354,"fincertId":"FINCERT-2026-000354","incidentId":6660,"idempotencyKey":"incident-6660","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:34:20.232277Z","receivedAt":"2026-05-15T20:34:20.257705Z"},{"id":353,"fincertId":"FINCERT-2026-000353","incidentId":6657,"idempotencyKey":"incident-6657","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:34:17.231139Z","receivedAt":"2026-05-15T20:34:17.248685Z"},{"id":352,"fincertId":"FINCERT-2026-000352","incidentId":6656,"idempotencyKey":"incident-6656","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:34:16.232029Z","receivedAt":"2026-05-15T20:34:16.259484Z"},{"id":351,"fincertId":"FINCERT-2026-000351","incidentId":6655,"idempotencyKey":"incident-6655","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:34:15.232941Z","receivedAt":"2026-05-15T20:34:15.268734Z"},{"id":350,"fincertId":"FINCERT-2026-000350","incidentId":6632,"idempotencyKey":"incident-6632","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:33:52.230750Z","receivedAt":"2026-05-15T20:33:52.253386Z"},{"id":349,"fincertId":"FINCERT-2026-000349","incidentId":6626,"idempotencyKey":"incident-6626","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:33:46.230444Z","receivedAt":"2026-05-15T20:33:46.247874Z"},{"id":348,"fincertId":"FINCERT-2026-000348","incidentId":6625,"idempotencyKey":"incident-6625","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:33:45.230117Z","receivedAt":"2026-05-15T20:33:45.250646Z"},{"id":347,"fincertId":"FINCERT-2026-000347","incidentId":6623,"idempotencyKey":"incident-6623","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:33:43.231395Z","receivedAt":"2026-05-15T20:33:43.252960Z"},{"id":346,"fincertId":"FINCERT-2026-000346","incidentId":6621,"idempotencyKey":"incident-6621","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:33:41.229817Z","receivedAt":"2026-05-15T20:33:41.245710Z"},{"id":345,"fincertId":"FINCERT-2026-000345","incidentId":6617,"idempotencyKey":"incident-6617","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:33:37.230965Z","receivedAt":"2026-05-15T20:33:37.256950Z"},{"id":344,"fincertId":"FINCERT-2026-000344","incidentId":6614,"idempotencyKey":"incident-6614","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:33:34.235495Z","receivedAt":"2026-05-15T20:33:34.264373Z"},{"id":343,"fincertId":"FINCERT-2026-000343","incidentId":6613,"idempotencyKey":"incident-6613","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:33:33.232354Z","receivedAt":"2026-05-15T20:33:33.265056Z"},{"id":342,"fincertId":"FINCERT-2026-000342","incidentId":6608,"idempotencyKey":"incident-6608","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:33:28.237452Z","receivedAt":"2026-05-15T20:33:28.259768Z"},{"id":341,"fincertId":"FINCERT-2026-000341","incidentId":6603,"idempotencyKey":"incident-6603","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:33:23.231588Z","receivedAt":"2026-05-15T20:33:23.249606Z"},{"id":340,"fincertId":"FINCERT-2026-000340","incidentId":6600,"idempotencyKey":"incident-6600","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:33:20.230847Z","receivedAt":"2026-05-15T20:33:20.249895Z"},{"id":339,"fincertId":"FINCERT-2026-000339","incidentId":6599,"idempotencyKey":"incident-6599","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:33:19.239410Z","receivedAt":"2026-05-15T20:33:19.262003Z"},{"id":338,"fincertId":"FINCERT-2026-000338","incidentId":6593,"idempotencyKey":"incident-6593","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:33:13.231313Z","receivedAt":"2026-05-15T20:33:13.254535Z"},{"id":337,"fincertId":"FINCERT-2026-000337","incidentId":6588,"idempotencyKey":"incident-6588","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:33:08.230822Z","receivedAt":"2026-05-15T20:33:08.248580Z"},{"id":336,"fincertId":"FINCERT-2026-000336","incidentId":6586,"idempotencyKey":"incident-6586","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:33:06.229594Z","receivedAt":"2026-05-15T20:33:06.247822Z"},{"id":335,"fincertId":"FINCERT-2026-000335","incidentId":6578,"idempotencyKey":"incident-6578","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:32:58.231540Z","receivedAt":"2026-05-15T20:32:58.254080Z"},{"id":334,"fincertId":"FINCERT-2026-000334","incidentId":6576,"idempotencyKey":"incident-6576","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:32:56.230608Z","receivedAt":"2026-05-15T20:32:56.249850Z"},{"id":333,"fincertId":"FINCERT-2026-000333","incidentId":6573,"idempotencyKey":"incident-6573","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:32:53.234060Z","receivedAt":"2026-05-15T20:32:53.263236Z"},{"id":332,"fincertId":"FINCERT-2026-000332","incidentId":6572,"idempotencyKey":"incident-6572","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:32:52.230542Z","receivedAt":"2026-05-15T20:32:52.248836Z"},{"id":331,"fincertId":"FINCERT-2026-000331","incidentId":6570,"idempotencyKey":"incident-6570","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:32:50.231350Z","receivedAt":"2026-05-15T20:32:50.251453Z"},{"id":330,"fincertId":"FINCERT-2026-000330","incidentId":6569,"idempotencyKey":"incident-6569","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:32:49.233490Z","receivedAt":"2026-05-15T20:32:49.256989Z"},{"id":329,"fincertId":"FINCERT-2026-000329","incidentId":6568,"idempotencyKey":"incident-6568","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:32:48.234245Z","receivedAt":"2026-05-15T20:32:48.261952Z"},{"id":328,"fincertId":"FINCERT-2026-000328","incidentId":6566,"idempotencyKey":"incident-6566","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:32:46.231636Z","receivedAt":"2026-05-15T20:32:46.250862Z"},{"id":327,"fincertId":"FINCERT-2026-000327","incidentId":6565,"idempotencyKey":"incident-6565","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:32:45.230107Z","receivedAt":"2026-05-15T20:32:45.257836Z"},{"id":326,"fincertId":"FINCERT-2026-000326","incidentId":6563,"idempotencyKey":"incident-6563","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:32:43.234428Z","receivedAt":"2026-05-15T20:32:43.261822Z"},{"id":325,"fincertId":"FINCERT-2026-000325","incidentId":6560,"idempotencyKey":"incident-6560","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:32:40.237668Z","receivedAt":"2026-05-15T20:32:40.264813Z"},{"id":324,"fincertId":"FINCERT-2026-000324","incidentId":6558,"idempotencyKey":"incident-6558","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:32:38.233125Z","receivedAt":"2026-05-15T20:32:38.256776Z"},{"id":323,"fincertId":"FINCERT-2026-000323","incidentId":6550,"idempotencyKey":"incident-6550","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:32:30.232160Z","receivedAt":"2026-05-15T20:32:30.258286Z"},{"id":322,"fincertId":"FINCERT-2026-000322","incidentId":6547,"idempotencyKey":"incident-6547","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:32:27.230899Z","receivedAt":"2026-05-15T20:32:27.248279Z"},{"id":321,"fincertId":"FINCERT-2026-000321","incidentId":6545,"idempotencyKey":"incident-6545","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:32:25.232823Z","receivedAt":"2026-05-15T20:32:25.266471Z"},{"id":320,"fincertId":"FINCERT-2026-000320","incidentId":6543,"idempotencyKey":"incident-6543","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:32:23.231096Z","receivedAt":"2026-05-15T20:32:23.263262Z"},{"id":319,"fincertId":"FINCERT-2026-000319","incidentId":6539,"idempotencyKey":"incident-6539","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:32:19.235697Z","receivedAt":"2026-05-15T20:32:19.261769Z"},{"id":318,"fincertId":"FINCERT-2026-000318","incidentId":6538,"idempotencyKey":"incident-6538","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:32:18.230405Z","receivedAt":"2026-05-15T20:32:18.247334Z"},{"id":317,"fincertId":"FINCERT-2026-000317","incidentId":6537,"idempotencyKey":"incident-6537","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:32:17.231684Z","receivedAt":"2026-05-15T20:32:17.259330Z"},{"id":316,"fincertId":"FINCERT-2026-000316","incidentId":6528,"idempotencyKey":"incident-6528","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:32:08.233416Z","receivedAt":"2026-05-15T20:32:08.257156Z"},{"id":315,"fincertId":"FINCERT-2026-000315","incidentId":6527,"idempotencyKey":"incident-6527","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:32:07.230403Z","receivedAt":"2026-05-15T20:32:07.248812Z"},{"id":314,"fincertId":"FINCERT-2026-000314","incidentId":6525,"idempotencyKey":"incident-6525","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:32:05.234598Z","receivedAt":"2026-05-15T20:32:05.270280Z"},{"id":313,"fincertId":"FINCERT-2026-000313","incidentId":6522,"idempotencyKey":"incident-6522","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:32:02.232826Z","receivedAt":"2026-05-15T20:32:02.256436Z"},{"id":312,"fincertId":"FINCERT-2026-000312","incidentId":6520,"idempotencyKey":"incident-6520","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:32:00.237550Z","receivedAt":"2026-05-15T20:32:00.266327Z"},{"id":311,"fincertId":"FINCERT-2026-000311","incidentId":6518,"idempotencyKey":"incident-6518","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:31:58.231766Z","receivedAt":"2026-05-15T20:31:58.264165Z"},{"id":310,"fincertId":"FINCERT-2026-000310","incidentId":6512,"idempotencyKey":"incident-6512","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:31:52.233783Z","receivedAt":"2026-05-15T20:31:52.255875Z"},{"id":309,"fincertId":"FINCERT-2026-000309","incidentId":6511,"idempotencyKey":"incident-6511","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:31:51.249719Z","receivedAt":"2026-05-15T20:31:51.273810Z"},{"id":308,"fincertId":"FINCERT-2026-000308","incidentId":6507,"idempotencyKey":"incident-6507","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:31:47.233347Z","receivedAt":"2026-05-15T20:31:47.258087Z"},{"id":307,"fincertId":"FINCERT-2026-000307","incidentId":6502,"idempotencyKey":"incident-6502","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:31:42.240866Z","receivedAt":"2026-05-15T20:31:42.271706Z"},{"id":306,"fincertId":"FINCERT-2026-000306","incidentId":6493,"idempotencyKey":"incident-6493","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:31:33.238208Z","receivedAt":"2026-05-15T20:31:33.277224Z"},{"id":305,"fincertId":"FINCERT-2026-000305","incidentId":6485,"idempotencyKey":"incident-6485","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:31:25.235429Z","receivedAt":"2026-05-15T20:31:25.255128Z"},{"id":304,"fincertId":"FINCERT-2026-000304","incidentId":6484,"idempotencyKey":"incident-6484","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:31:24.231864Z","receivedAt":"2026-05-15T20:31:24.255416Z"},{"id":303,"fincertId":"FINCERT-2026-000303","incidentId":6480,"idempotencyKey":"incident-6480","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:31:20.237703Z","receivedAt":"2026-05-15T20:31:20.264396Z"},{"id":302,"fincertId":"FINCERT-2026-000302","incidentId":6479,"idempotencyKey":"incident-6479","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:31:19.250392Z","receivedAt":"2026-05-15T20:31:19.286508Z"},{"id":301,"fincertId":"FINCERT-2026-000301","incidentId":6477,"idempotencyKey":"incident-6477","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:31:18.670198Z","receivedAt":"2026-05-15T20:31:18.700286Z"},{"id":300,"fincertId":"FINCERT-2026-000300","incidentId":6468,"idempotencyKey":"incident-6468","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:30:56.893850Z","receivedAt":"2026-05-15T20:30:56.911044Z"},{"id":299,"fincertId":"FINCERT-2026-000299","incidentId":6467,"idempotencyKey":"incident-6467","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:30:55.898562Z","receivedAt":"2026-05-15T20:30:55.926987Z"},{"id":298,"fincertId":"FINCERT-2026-000298","incidentId":6464,"idempotencyKey":"incident-6464","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:30:52.895841Z","receivedAt":"2026-05-15T20:30:52.920739Z"},{"id":297,"fincertId":"FINCERT-2026-000297","incidentId":6457,"idempotencyKey":"incident-6457","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:30:45.894870Z","receivedAt":"2026-05-15T20:30:45.921991Z"},{"id":296,"fincertId":"FINCERT-2026-000296","incidentId":6452,"idempotencyKey":"incident-6452","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:30:40.894019Z","receivedAt":"2026-05-15T20:30:40.910644Z"},{"id":295,"fincertId":"FINCERT-2026-000295","incidentId":6448,"idempotencyKey":"incident-6448","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:30:36.899062Z","receivedAt":"2026-05-15T20:30:36.935791Z"},{"id":294,"fincertId":"FINCERT-2026-000294","incidentId":6445,"idempotencyKey":"incident-6445","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:30:33.894034Z","receivedAt":"2026-05-15T20:30:33.923911Z"},{"id":293,"fincertId":"FINCERT-2026-000293","incidentId":6438,"idempotencyKey":"incident-6438","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:30:26.897344Z","receivedAt":"2026-05-15T20:30:26.938325Z"},{"id":292,"fincertId":"FINCERT-2026-000292","incidentId":6437,"idempotencyKey":"incident-6437","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:30:25.895631Z","receivedAt":"2026-05-15T20:30:25.922420Z"},{"id":291,"fincertId":"FINCERT-2026-000291","incidentId":6433,"idempotencyKey":"incident-6433","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:30:21.893713Z","receivedAt":"2026-05-15T20:30:21.908056Z"},{"id":290,"fincertId":"FINCERT-2026-000290","incidentId":6423,"idempotencyKey":"incident-6423","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:30:11.894161Z","receivedAt":"2026-05-15T20:30:11.910767Z"},{"id":289,"fincertId":"FINCERT-2026-000289","incidentId":6419,"idempotencyKey":"incident-6419","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:30:07.895829Z","receivedAt":"2026-05-15T20:30:07.912946Z"},{"id":288,"fincertId":"FINCERT-2026-000288","incidentId":6417,"idempotencyKey":"incident-6417","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:30:05.896963Z","receivedAt":"2026-05-15T20:30:05.921640Z"},{"id":287,"fincertId":"FINCERT-2026-000287","incidentId":6413,"idempotencyKey":"incident-6413","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:30:01.895593Z","receivedAt":"2026-05-15T20:30:01.925145Z"},{"id":286,"fincertId":"FINCERT-2026-000286","incidentId":6404,"idempotencyKey":"incident-6404","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:29:52.894018Z","receivedAt":"2026-05-15T20:29:52.917764Z"},{"id":285,"fincertId":"FINCERT-2026-000285","incidentId":6403,"idempotencyKey":"incident-6403","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:29:51.894599Z","receivedAt":"2026-05-15T20:29:51.917100Z"},{"id":284,"fincertId":"FINCERT-2026-000284","incidentId":6398,"idempotencyKey":"incident-6398","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:29:46.897374Z","receivedAt":"2026-05-15T20:29:46.930330Z"},{"id":283,"fincertId":"FINCERT-2026-000283","incidentId":6396,"idempotencyKey":"incident-6396","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:29:44.895791Z","receivedAt":"2026-05-15T20:29:44.922540Z"},{"id":282,"fincertId":"FINCERT-2026-000282","incidentId":6392,"idempotencyKey":"incident-6392","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:29:40.893695Z","receivedAt":"2026-05-15T20:29:40.915405Z"},{"id":281,"fincertId":"FINCERT-2026-000281","incidentId":6391,"idempotencyKey":"incident-6391","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:29:39.896632Z","receivedAt":"2026-05-15T20:29:39.922260Z"},{"id":280,"fincertId":"FINCERT-2026-000280","incidentId":6388,"idempotencyKey":"incident-6388","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:29:36.896227Z","receivedAt":"2026-05-15T20:29:36.918404Z"},{"id":279,"fincertId":"FINCERT-2026-000279","incidentId":6387,"idempotencyKey":"incident-6387","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:29:35.893886Z","receivedAt":"2026-05-15T20:29:35.915234Z"},{"id":278,"fincertId":"FINCERT-2026-000278","incidentId":6384,"idempotencyKey":"incident-6384","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:29:32.894224Z","receivedAt":"2026-05-15T20:29:32.916119Z"},{"id":277,"fincertId":"FINCERT-2026-000277","incidentId":6382,"idempotencyKey":"incident-6382","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:29:30.900102Z","receivedAt":"2026-05-15T20:29:30.928837Z"},{"id":276,"fincertId":"FINCERT-2026-000276","incidentId":6378,"idempotencyKey":"incident-6378","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:29:26.894423Z","receivedAt":"2026-05-15T20:29:26.913986Z"},{"id":275,"fincertId":"FINCERT-2026-000275","incidentId":6377,"idempotencyKey":"incident-6377","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:29:25.895777Z","receivedAt":"2026-05-15T20:29:25.920497Z"},{"id":274,"fincertId":"FINCERT-2026-000274","incidentId":6375,"idempotencyKey":"incident-6375","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:29:23.895681Z","receivedAt":"2026-05-15T20:29:23.915580Z"},{"id":273,"fincertId":"FINCERT-2026-000273","incidentId":6373,"idempotencyKey":"incident-6373","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:29:21.894042Z","receivedAt":"2026-05-15T20:29:21.914918Z"},{"id":272,"fincertId":"FINCERT-2026-000272","incidentId":6372,"idempotencyKey":"incident-6372","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:29:20.894862Z","receivedAt":"2026-05-15T20:29:20.912339Z"},{"id":271,"fincertId":"FINCERT-2026-000271","incidentId":6370,"idempotencyKey":"incident-6370","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:29:18.895411Z","receivedAt":"2026-05-15T20:29:18.921089Z"},{"id":270,"fincertId":"FINCERT-2026-000270","incidentId":6369,"idempotencyKey":"incident-6369","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:29:17.894468Z","receivedAt":"2026-05-15T20:29:17.914529Z"},{"id":269,"fincertId":"FINCERT-2026-000269","incidentId":6363,"idempotencyKey":"incident-6363","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:29:11.894148Z","receivedAt":"2026-05-15T20:29:11.914943Z"},{"id":268,"fincertId":"FINCERT-2026-000268","incidentId":6360,"idempotencyKey":"incident-6360","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:29:08.894815Z","receivedAt":"2026-05-15T20:29:08.916354Z"},{"id":267,"fincertId":"FINCERT-2026-000267","incidentId":6356,"idempotencyKey":"incident-6356","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:29:04.895744Z","receivedAt":"2026-05-15T20:29:04.921867Z"},{"id":266,"fincertId":"FINCERT-2026-000266","incidentId":6354,"idempotencyKey":"incident-6354","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:29:02.900689Z","receivedAt":"2026-05-15T20:29:02.926561Z"},{"id":265,"fincertId":"FINCERT-2026-000265","incidentId":6351,"idempotencyKey":"incident-6351","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:28:59.893633Z","receivedAt":"2026-05-15T20:28:59.911898Z"},{"id":264,"fincertId":"FINCERT-2026-000264","incidentId":6349,"idempotencyKey":"incident-6349","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:28:57.893440Z","receivedAt":"2026-05-15T20:28:57.910532Z"},{"id":263,"fincertId":"FINCERT-2026-000263","incidentId":6347,"idempotencyKey":"incident-6347","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:28:55.895612Z","receivedAt":"2026-05-15T20:28:55.919670Z"},{"id":262,"fincertId":"FINCERT-2026-000262","incidentId":6345,"idempotencyKey":"incident-6345","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:28:53.894830Z","receivedAt":"2026-05-15T20:28:53.913209Z"},{"id":261,"fincertId":"FINCERT-2026-000261","incidentId":6341,"idempotencyKey":"incident-6341","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:28:49.894493Z","receivedAt":"2026-05-15T20:28:49.924961Z"},{"id":260,"fincertId":"FINCERT-2026-000260","incidentId":6334,"idempotencyKey":"incident-6334","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:28:42.895480Z","receivedAt":"2026-05-15T20:28:42.920138Z"},{"id":259,"fincertId":"FINCERT-2026-000259","incidentId":6332,"idempotencyKey":"incident-6332","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:28:40.896606Z","receivedAt":"2026-05-15T20:28:40.933003Z"},{"id":258,"fincertId":"FINCERT-2026-000258","incidentId":6329,"idempotencyKey":"incident-6329","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:28:37.896093Z","receivedAt":"2026-05-15T20:28:37.923085Z"},{"id":257,"fincertId":"FINCERT-2026-000257","incidentId":6328,"idempotencyKey":"incident-6328","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:28:36.896761Z","receivedAt":"2026-05-15T20:28:36.927291Z"},{"id":256,"fincertId":"FINCERT-2026-000256","incidentId":6327,"idempotencyKey":"incident-6327","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:28:35.895618Z","receivedAt":"2026-05-15T20:28:35.934980Z"},{"id":255,"fincertId":"FINCERT-2026-000255","incidentId":6323,"idempotencyKey":"incident-6323","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:28:31.895530Z","receivedAt":"2026-05-15T20:28:31.920146Z"},{"id":254,"fincertId":"FINCERT-2026-000254","incidentId":6320,"idempotencyKey":"incident-6320","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:28:28.895091Z","receivedAt":"2026-05-15T20:28:28.927770Z"},{"id":253,"fincertId":"FINCERT-2026-000253","incidentId":6317,"idempotencyKey":"incident-6317","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:28:25.898452Z","receivedAt":"2026-05-15T20:28:25.924362Z"},{"id":252,"fincertId":"FINCERT-2026-000252","incidentId":6316,"idempotencyKey":"incident-6316","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:28:24.896044Z","receivedAt":"2026-05-15T20:28:24.926693Z"},{"id":251,"fincertId":"FINCERT-2026-000251","incidentId":6310,"idempotencyKey":"incident-6310","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:28:18.894784Z","receivedAt":"2026-05-15T20:28:18.920799Z"},{"id":250,"fincertId":"FINCERT-2026-000250","incidentId":6309,"idempotencyKey":"incident-6309","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:28:17.894288Z","receivedAt":"2026-05-15T20:28:17.917703Z"},{"id":249,"fincertId":"FINCERT-2026-000249","incidentId":6307,"idempotencyKey":"incident-6307","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:28:15.896837Z","receivedAt":"2026-05-15T20:28:15.924653Z"},{"id":248,"fincertId":"FINCERT-2026-000248","incidentId":6304,"idempotencyKey":"incident-6304","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:28:12.894599Z","receivedAt":"2026-05-15T20:28:12.917451Z"},{"id":247,"fincertId":"FINCERT-2026-000247","incidentId":6301,"idempotencyKey":"incident-6301","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:28:09.895396Z","receivedAt":"2026-05-15T20:28:09.927070Z"},{"id":246,"fincertId":"FINCERT-2026-000246","incidentId":6300,"idempotencyKey":"incident-6300","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:28:08.895748Z","receivedAt":"2026-05-15T20:28:08.922389Z"},{"id":245,"fincertId":"FINCERT-2026-000245","incidentId":6297,"idempotencyKey":"incident-6297","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:28:05.896706Z","receivedAt":"2026-05-15T20:28:05.924447Z"},{"id":244,"fincertId":"FINCERT-2026-000244","incidentId":6296,"idempotencyKey":"incident-6296","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:28:04.895669Z","receivedAt":"2026-05-15T20:28:04.919332Z"},{"id":243,"fincertId":"FINCERT-2026-000243","incidentId":6294,"idempotencyKey":"incident-6294","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:28:02.894756Z","receivedAt":"2026-05-15T20:28:02.921915Z"},{"id":242,"fincertId":"FINCERT-2026-000242","incidentId":6293,"idempotencyKey":"incident-6293","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:28:01.896766Z","receivedAt":"2026-05-15T20:28:01.923325Z"},{"id":241,"fincertId":"FINCERT-2026-000241","incidentId":6280,"idempotencyKey":"incident-6280","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:27:48.894620Z","receivedAt":"2026-05-15T20:27:48.917861Z"},{"id":240,"fincertId":"FINCERT-2026-000240","incidentId":6278,"idempotencyKey":"incident-6278","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:27:46.895128Z","receivedAt":"2026-05-15T20:27:46.919972Z"},{"id":239,"fincertId":"FINCERT-2026-000239","incidentId":6274,"idempotencyKey":"incident-6274","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:27:42.898581Z","receivedAt":"2026-05-15T20:27:42.922769Z"},{"id":238,"fincertId":"FINCERT-2026-000238","incidentId":6270,"idempotencyKey":"incident-6270","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:27:38.894646Z","receivedAt":"2026-05-15T20:27:38.921220Z"},{"id":237,"fincertId":"FINCERT-2026-000237","incidentId":6267,"idempotencyKey":"incident-6267","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:27:35.895746Z","receivedAt":"2026-05-15T20:27:35.920678Z"},{"id":236,"fincertId":"FINCERT-2026-000236","incidentId":6263,"idempotencyKey":"incident-6263","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:27:31.895888Z","receivedAt":"2026-05-15T20:27:31.935826Z"},{"id":235,"fincertId":"FINCERT-2026-000235","incidentId":6246,"idempotencyKey":"incident-6246","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:27:14.915533Z","receivedAt":"2026-05-15T20:27:14.975664Z"},{"id":234,"fincertId":"FINCERT-2026-000234","incidentId":6242,"idempotencyKey":"incident-6242","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:27:10.896449Z","receivedAt":"2026-05-15T20:27:10.927614Z"},{"id":233,"fincertId":"FINCERT-2026-000233","incidentId":6229,"idempotencyKey":"incident-6229","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:26:57.893988Z","receivedAt":"2026-05-15T20:26:57.914481Z"},{"id":232,"fincertId":"FINCERT-2026-000232","incidentId":6219,"idempotencyKey":"incident-6219","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:47.893752Z","receivedAt":"2026-05-15T20:26:47.911803Z"},{"id":231,"fincertId":"FINCERT-2026-000231","incidentId":6218,"idempotencyKey":"incident-6218","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:26:46.900857Z","receivedAt":"2026-05-15T20:26:46.939735Z"},{"id":230,"fincertId":"FINCERT-2026-000230","incidentId":6215,"idempotencyKey":"incident-6215","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:43.897166Z","receivedAt":"2026-05-15T20:26:43.920012Z"},{"id":229,"fincertId":"FINCERT-2026-000229","incidentId":6212,"idempotencyKey":"incident-6212","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:40.896555Z","receivedAt":"2026-05-15T20:26:40.923953Z"},{"id":228,"fincertId":"FINCERT-2026-000228","incidentId":6211,"idempotencyKey":"incident-6211","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:26:39.893990Z","receivedAt":"2026-05-15T20:26:39.916058Z"},{"id":227,"fincertId":"FINCERT-2026-000227","incidentId":6208,"idempotencyKey":"incident-6208","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:36.896858Z","receivedAt":"2026-05-15T20:26:36.926617Z"},{"id":226,"fincertId":"FINCERT-2026-000226","incidentId":6205,"idempotencyKey":"incident-6205","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:33.896690Z","receivedAt":"2026-05-15T20:26:33.921876Z"},{"id":225,"fincertId":"FINCERT-2026-000225","incidentId":6204,"idempotencyKey":"incident-6204","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:32.893494Z","receivedAt":"2026-05-15T20:26:32.911164Z"},{"id":224,"fincertId":"FINCERT-2026-000224","incidentId":6203,"idempotencyKey":"incident-6203","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:31.893847Z","receivedAt":"2026-05-15T20:26:31.910404Z"},{"id":223,"fincertId":"FINCERT-2026-000223","incidentId":6202,"idempotencyKey":"incident-6202","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:26:30.893933Z","receivedAt":"2026-05-15T20:26:30.914528Z"},{"id":222,"fincertId":"FINCERT-2026-000222","incidentId":6198,"idempotencyKey":"incident-6198","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:26.895331Z","receivedAt":"2026-05-15T20:26:26.920612Z"},{"id":221,"fincertId":"FINCERT-2026-000221","incidentId":6196,"idempotencyKey":"incident-6196","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:26:24.895147Z","receivedAt":"2026-05-15T20:26:24.925402Z"},{"id":220,"fincertId":"FINCERT-2026-000220","incidentId":6194,"idempotencyKey":"incident-6194","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:26:22.894041Z","receivedAt":"2026-05-15T20:26:22.914750Z"},{"id":219,"fincertId":"FINCERT-2026-000219","incidentId":6192,"idempotencyKey":"incident-6192","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:20.895508Z","receivedAt":"2026-05-15T20:26:20.924812Z"},{"id":218,"fincertId":"FINCERT-2026-000218","incidentId":6191,"idempotencyKey":"incident-6191","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:19.895445Z","receivedAt":"2026-05-15T20:26:19.922896Z"},{"id":217,"fincertId":"FINCERT-2026-000217","incidentId":6189,"idempotencyKey":"incident-6189","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:17.897782Z","receivedAt":"2026-05-15T20:26:17.924726Z"},{"id":216,"fincertId":"FINCERT-2026-000216","incidentId":6188,"idempotencyKey":"incident-6188","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:16.894887Z","receivedAt":"2026-05-15T20:26:16.915655Z"},{"id":215,"fincertId":"FINCERT-2026-000215","incidentId":6177,"idempotencyKey":"incident-6177","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:26:05.894917Z","receivedAt":"2026-05-15T20:26:05.929596Z"},{"id":214,"fincertId":"FINCERT-2026-000214","incidentId":6175,"idempotencyKey":"incident-6175","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:03.898418Z","receivedAt":"2026-05-15T20:26:03.924113Z"},{"id":213,"fincertId":"FINCERT-2026-000213","incidentId":6174,"idempotencyKey":"incident-6174","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:26:02.895431Z","receivedAt":"2026-05-15T20:26:02.922039Z"},{"id":212,"fincertId":"FINCERT-2026-000212","incidentId":6173,"idempotencyKey":"incident-6173","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:26:01.896789Z","receivedAt":"2026-05-15T20:26:01.918842Z"},{"id":211,"fincertId":"FINCERT-2026-000211","incidentId":6172,"idempotencyKey":"incident-6172","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:26:00.910321Z","receivedAt":"2026-05-15T20:26:00.940721Z"},{"id":210,"fincertId":"FINCERT-2026-000210","incidentId":6170,"idempotencyKey":"incident-6170","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:25:58.898120Z","receivedAt":"2026-05-15T20:25:58.919113Z"},{"id":209,"fincertId":"FINCERT-2026-000209","incidentId":6169,"idempotencyKey":"incident-6169","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:57.894502Z","receivedAt":"2026-05-15T20:25:57.914349Z"},{"id":208,"fincertId":"FINCERT-2026-000208","incidentId":6167,"idempotencyKey":"incident-6167","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:55.895934Z","receivedAt":"2026-05-15T20:25:55.935790Z"},{"id":207,"fincertId":"FINCERT-2026-000207","incidentId":6166,"idempotencyKey":"incident-6166","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:54.895902Z","receivedAt":"2026-05-15T20:25:54.921762Z"},{"id":206,"fincertId":"FINCERT-2026-000206","incidentId":6160,"idempotencyKey":"incident-6160","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:25:48.896169Z","receivedAt":"2026-05-15T20:25:48.915344Z"},{"id":205,"fincertId":"FINCERT-2026-000205","incidentId":6159,"idempotencyKey":"incident-6159","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:25:47.906937Z","receivedAt":"2026-05-15T20:25:47.935804Z"},{"id":204,"fincertId":"FINCERT-2026-000204","incidentId":6154,"idempotencyKey":"incident-6154","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:25:42.895096Z","receivedAt":"2026-05-15T20:25:42.922161Z"},{"id":203,"fincertId":"FINCERT-2026-000203","incidentId":6153,"idempotencyKey":"incident-6153","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:25:41.894972Z","receivedAt":"2026-05-15T20:25:41.926399Z"},{"id":202,"fincertId":"FINCERT-2026-000202","incidentId":6150,"idempotencyKey":"incident-6150","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:38.896457Z","receivedAt":"2026-05-15T20:25:38.930921Z"},{"id":201,"fincertId":"FINCERT-2026-000201","incidentId":6149,"idempotencyKey":"incident-6149","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:25:37.897490Z","receivedAt":"2026-05-15T20:25:37.923029Z"},{"id":200,"fincertId":"FINCERT-2026-000200","incidentId":6147,"idempotencyKey":"incident-6147","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:35.896Z","receivedAt":"2026-05-15T20:25:35.916144Z"},{"id":199,"fincertId":"FINCERT-2026-000199","incidentId":6146,"idempotencyKey":"incident-6146","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:34.911551Z","receivedAt":"2026-05-15T20:25:34.957550Z"},{"id":198,"fincertId":"FINCERT-2026-000198","incidentId":6144,"idempotencyKey":"incident-6144","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:32.895457Z","receivedAt":"2026-05-15T20:25:32.930284Z"},{"id":197,"fincertId":"FINCERT-2026-000197","incidentId":6142,"idempotencyKey":"incident-6142","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:30.895577Z","receivedAt":"2026-05-15T20:25:30.923528Z"},{"id":196,"fincertId":"FINCERT-2026-000196","incidentId":6136,"idempotencyKey":"incident-6136","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:24.894394Z","receivedAt":"2026-05-15T20:25:24.915818Z"},{"id":195,"fincertId":"FINCERT-2026-000195","incidentId":6130,"idempotencyKey":"incident-6130","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:25:18.897105Z","receivedAt":"2026-05-15T20:25:18.925554Z"},{"id":194,"fincertId":"FINCERT-2026-000194","incidentId":6129,"idempotencyKey":"incident-6129","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:17.897631Z","receivedAt":"2026-05-15T20:25:17.929568Z"},{"id":193,"fincertId":"FINCERT-2026-000193","incidentId":6126,"idempotencyKey":"incident-6126","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:25:14.897340Z","receivedAt":"2026-05-15T20:25:14.930701Z"},{"id":192,"fincertId":"FINCERT-2026-000192","incidentId":6125,"idempotencyKey":"incident-6125","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:25:13.893913Z","receivedAt":"2026-05-15T20:25:13.913096Z"},{"id":191,"fincertId":"FINCERT-2026-000191","incidentId":6124,"idempotencyKey":"incident-6124","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:25:12.895434Z","receivedAt":"2026-05-15T20:25:12.923388Z"},{"id":190,"fincertId":"FINCERT-2026-000190","incidentId":6122,"idempotencyKey":"incident-6122","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:25:10.894851Z","receivedAt":"2026-05-15T20:25:10.912754Z"},{"id":189,"fincertId":"FINCERT-2026-000189","incidentId":6121,"idempotencyKey":"incident-6121","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:25:09.896727Z","receivedAt":"2026-05-15T20:25:09.918423Z"},{"id":188,"fincertId":"FINCERT-2026-000188","incidentId":6117,"idempotencyKey":"incident-6117","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:25:05.897076Z","receivedAt":"2026-05-15T20:25:05.928658Z"},{"id":187,"fincertId":"FINCERT-2026-000187","incidentId":6114,"idempotencyKey":"incident-6114","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:25:02.896288Z","receivedAt":"2026-05-15T20:25:02.916907Z"},{"id":186,"fincertId":"FINCERT-2026-000186","incidentId":6113,"idempotencyKey":"incident-6113","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:25:01.897446Z","receivedAt":"2026-05-15T20:25:01.924843Z"},{"id":185,"fincertId":"FINCERT-2026-000185","incidentId":6111,"idempotencyKey":"incident-6111","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:24:59.894742Z","receivedAt":"2026-05-15T20:24:59.922232Z"},{"id":184,"fincertId":"FINCERT-2026-000184","incidentId":6104,"idempotencyKey":"incident-6104","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:24:52.896038Z","receivedAt":"2026-05-15T20:24:52.919421Z"},{"id":183,"fincertId":"FINCERT-2026-000183","incidentId":6099,"idempotencyKey":"incident-6099","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:24:47.895610Z","receivedAt":"2026-05-15T20:24:47.925267Z"},{"id":182,"fincertId":"FINCERT-2026-000182","incidentId":6098,"idempotencyKey":"incident-6098","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:24:46.899035Z","receivedAt":"2026-05-15T20:24:46.925023Z"},{"id":181,"fincertId":"FINCERT-2026-000181","incidentId":6091,"idempotencyKey":"incident-6091","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:24:39.898806Z","receivedAt":"2026-05-15T20:24:39.927667Z"},{"id":180,"fincertId":"FINCERT-2026-000180","incidentId":6090,"idempotencyKey":"incident-6090","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:24:38.898056Z","receivedAt":"2026-05-15T20:24:38.922292Z"},{"id":179,"fincertId":"FINCERT-2026-000179","incidentId":6086,"idempotencyKey":"incident-6086","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:24:34.905384Z","receivedAt":"2026-05-15T20:24:34.934758Z"},{"id":178,"fincertId":"FINCERT-2026-000178","incidentId":6084,"idempotencyKey":"incident-6084","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:24:32.895449Z","receivedAt":"2026-05-15T20:24:32.917245Z"},{"id":177,"fincertId":"FINCERT-2026-000177","incidentId":6081,"idempotencyKey":"incident-6081","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:24:29.895148Z","receivedAt":"2026-05-15T20:24:29.917068Z"},{"id":176,"fincertId":"FINCERT-2026-000176","incidentId":6078,"idempotencyKey":"incident-6078","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:24:26.897752Z","receivedAt":"2026-05-15T20:24:26.927026Z"},{"id":175,"fincertId":"FINCERT-2026-000175","incidentId":6073,"idempotencyKey":"incident-6073","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:24:21.895746Z","receivedAt":"2026-05-15T20:24:21.920539Z"},{"id":174,"fincertId":"FINCERT-2026-000174","incidentId":6071,"idempotencyKey":"incident-6071","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:24:19.902417Z","receivedAt":"2026-05-15T20:24:19.936761Z"},{"id":173,"fincertId":"FINCERT-2026-000173","incidentId":6069,"idempotencyKey":"incident-6069","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:24:17.894802Z","receivedAt":"2026-05-15T20:24:17.918840Z"},{"id":172,"fincertId":"FINCERT-2026-000172","incidentId":6066,"idempotencyKey":"incident-6066","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:24:14.895048Z","receivedAt":"2026-05-15T20:24:14.915234Z"},{"id":171,"fincertId":"FINCERT-2026-000171","incidentId":6064,"idempotencyKey":"incident-6064","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:24:12.898156Z","receivedAt":"2026-05-15T20:24:12.928381Z"},{"id":170,"fincertId":"FINCERT-2026-000170","incidentId":6061,"idempotencyKey":"incident-6061","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:24:09.894729Z","receivedAt":"2026-05-15T20:24:09.915739Z"},{"id":169,"fincertId":"FINCERT-2026-000169","incidentId":6058,"idempotencyKey":"incident-6058","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:24:06.896990Z","receivedAt":"2026-05-15T20:24:06.924346Z"},{"id":168,"fincertId":"FINCERT-2026-000168","incidentId":6053,"idempotencyKey":"incident-6053","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:24:01.910660Z","receivedAt":"2026-05-15T20:24:01.931923Z"},{"id":167,"fincertId":"FINCERT-2026-000167","incidentId":6049,"idempotencyKey":"incident-6049","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:23:57.896799Z","receivedAt":"2026-05-15T20:23:57.922036Z"},{"id":166,"fincertId":"FINCERT-2026-000166","incidentId":6048,"idempotencyKey":"incident-6048","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:23:56.896473Z","receivedAt":"2026-05-15T20:23:56.920525Z"},{"id":165,"fincertId":"FINCERT-2026-000165","incidentId":6041,"idempotencyKey":"incident-6041","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:23:49.895883Z","receivedAt":"2026-05-15T20:23:49.916773Z"},{"id":164,"fincertId":"FINCERT-2026-000164","incidentId":6039,"idempotencyKey":"incident-6039","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:23:47.895283Z","receivedAt":"2026-05-15T20:23:47.915972Z"},{"id":163,"fincertId":"FINCERT-2026-000163","incidentId":6038,"idempotencyKey":"incident-6038","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:23:46.899614Z","receivedAt":"2026-05-15T20:23:46.930679Z"},{"id":162,"fincertId":"FINCERT-2026-000162","incidentId":6035,"idempotencyKey":"incident-6035","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:23:43.894945Z","receivedAt":"2026-05-15T20:23:43.914579Z"},{"id":161,"fincertId":"FINCERT-2026-000161","incidentId":6032,"idempotencyKey":"incident-6032","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:23:40.895786Z","receivedAt":"2026-05-15T20:23:40.917819Z"},{"id":160,"fincertId":"FINCERT-2026-000160","incidentId":6030,"idempotencyKey":"incident-6030","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:23:38.897890Z","receivedAt":"2026-05-15T20:23:38.934298Z"},{"id":159,"fincertId":"FINCERT-2026-000159","incidentId":6028,"idempotencyKey":"incident-6028","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:23:36.895860Z","receivedAt":"2026-05-15T20:23:36.916580Z"},{"id":158,"fincertId":"FINCERT-2026-000158","incidentId":6027,"idempotencyKey":"incident-6027","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:23:35.899637Z","receivedAt":"2026-05-15T20:23:35.938265Z"},{"id":157,"fincertId":"FINCERT-2026-000157","incidentId":6025,"idempotencyKey":"incident-6025","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:23:33.897648Z","receivedAt":"2026-05-15T20:23:33.930652Z"},{"id":156,"fincertId":"FINCERT-2026-000156","incidentId":6021,"idempotencyKey":"incident-6021","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:23:29.895073Z","receivedAt":"2026-05-15T20:23:29.923407Z"},{"id":155,"fincertId":"FINCERT-2026-000155","incidentId":6020,"idempotencyKey":"incident-6020","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:23:28.901023Z","receivedAt":"2026-05-15T20:23:28.946452Z"},{"id":154,"fincertId":"FINCERT-2026-000154","incidentId":6019,"idempotencyKey":"incident-6019","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:23:27.897600Z","receivedAt":"2026-05-15T20:23:27.922271Z"},{"id":153,"fincertId":"FINCERT-2026-000153","incidentId":6017,"idempotencyKey":"incident-6017","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:23:25.900066Z","receivedAt":"2026-05-15T20:23:25.925448Z"},{"id":152,"fincertId":"FINCERT-2026-000152","incidentId":6016,"idempotencyKey":"incident-6016","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:23:24.899392Z","receivedAt":"2026-05-15T20:23:24.952056Z"},{"id":151,"fincertId":"FINCERT-2026-000151","incidentId":6015,"idempotencyKey":"incident-6015","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:23:23.896905Z","receivedAt":"2026-05-15T20:23:23.933492Z"},{"id":150,"fincertId":"FINCERT-2026-000150","incidentId":6013,"idempotencyKey":"incident-6013","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:23:21.894576Z","receivedAt":"2026-05-15T20:23:21.923584Z"},{"id":149,"fincertId":"FINCERT-2026-000149","incidentId":6008,"idempotencyKey":"incident-6008","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:23:16.896042Z","receivedAt":"2026-05-15T20:23:16.921952Z"},{"id":148,"fincertId":"FINCERT-2026-000148","incidentId":6003,"idempotencyKey":"incident-6003","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:23:11.894512Z","receivedAt":"2026-05-15T20:23:11.929061Z"},{"id":147,"fincertId":"FINCERT-2026-000147","incidentId":6000,"idempotencyKey":"incident-6000","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:23:08.896156Z","receivedAt":"2026-05-15T20:23:08.922560Z"},{"id":146,"fincertId":"FINCERT-2026-000146","incidentId":5996,"idempotencyKey":"incident-5996","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:23:04.895980Z","receivedAt":"2026-05-15T20:23:04.923222Z"},{"id":145,"fincertId":"FINCERT-2026-000145","incidentId":5993,"idempotencyKey":"incident-5993","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:23:01.898098Z","receivedAt":"2026-05-15T20:23:01.928438Z"},{"id":144,"fincertId":"FINCERT-2026-000144","incidentId":5991,"idempotencyKey":"incident-5991","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:22:59.895425Z","receivedAt":"2026-05-15T20:22:59.919790Z"},{"id":143,"fincertId":"FINCERT-2026-000143","incidentId":5989,"idempotencyKey":"incident-5989","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:22:57.895100Z","receivedAt":"2026-05-15T20:22:57.918480Z"},{"id":142,"fincertId":"FINCERT-2026-000142","incidentId":5986,"idempotencyKey":"incident-5986","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:22:54.896667Z","receivedAt":"2026-05-15T20:22:54.918520Z"},{"id":141,"fincertId":"FINCERT-2026-000141","incidentId":5983,"idempotencyKey":"incident-5983","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:22:51.895606Z","receivedAt":"2026-05-15T20:22:51.919580Z"},{"id":140,"fincertId":"FINCERT-2026-000140","incidentId":5980,"idempotencyKey":"incident-5980","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:22:48.896855Z","receivedAt":"2026-05-15T20:22:48.921088Z"},{"id":139,"fincertId":"FINCERT-2026-000139","incidentId":5979,"idempotencyKey":"incident-5979","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:22:47.895361Z","receivedAt":"2026-05-15T20:22:47.916823Z"},{"id":138,"fincertId":"FINCERT-2026-000138","incidentId":5971,"idempotencyKey":"incident-5971","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:22:39.895959Z","receivedAt":"2026-05-15T20:22:39.920153Z"},{"id":137,"fincertId":"FINCERT-2026-000137","incidentId":5970,"idempotencyKey":"incident-5970","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:22:38.896070Z","receivedAt":"2026-05-15T20:22:38.919309Z"},{"id":136,"fincertId":"FINCERT-2026-000136","incidentId":5968,"idempotencyKey":"incident-5968","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:22:36.896684Z","receivedAt":"2026-05-15T20:22:36.925038Z"},{"id":135,"fincertId":"FINCERT-2026-000135","incidentId":5966,"idempotencyKey":"incident-5966","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:22:34.895830Z","receivedAt":"2026-05-15T20:22:34.920320Z"},{"id":134,"fincertId":"FINCERT-2026-000134","incidentId":5961,"idempotencyKey":"incident-5961","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:22:29.895584Z","receivedAt":"2026-05-15T20:22:29.916990Z"},{"id":133,"fincertId":"FINCERT-2026-000133","incidentId":5960,"idempotencyKey":"incident-5960","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:22:28.897677Z","receivedAt":"2026-05-15T20:22:28.923670Z"},{"id":132,"fincertId":"FINCERT-2026-000132","incidentId":5959,"idempotencyKey":"incident-5959","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:22:27.895106Z","receivedAt":"2026-05-15T20:22:27.926328Z"},{"id":131,"fincertId":"FINCERT-2026-000131","incidentId":5957,"idempotencyKey":"incident-5957","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:22:25.899032Z","receivedAt":"2026-05-15T20:22:25.923339Z"},{"id":130,"fincertId":"FINCERT-2026-000130","incidentId":5956,"idempotencyKey":"incident-5956","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:22:24.895318Z","receivedAt":"2026-05-15T20:22:24.914770Z"},{"id":129,"fincertId":"FINCERT-2026-000129","incidentId":5951,"idempotencyKey":"incident-5951","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:22:19.897121Z","receivedAt":"2026-05-15T20:22:19.921788Z"},{"id":128,"fincertId":"FINCERT-2026-000128","incidentId":5949,"idempotencyKey":"incident-5949","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:22:17.899439Z","receivedAt":"2026-05-15T20:22:17.947642Z"},{"id":127,"fincertId":"FINCERT-2026-000127","incidentId":5947,"idempotencyKey":"incident-5947","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:22:15.902262Z","receivedAt":"2026-05-15T20:22:15.963052Z"},{"id":126,"fincertId":"FINCERT-2026-000126","incidentId":5941,"idempotencyKey":"incident-5941","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:22:09.898947Z","receivedAt":"2026-05-15T20:22:09.939305Z"},{"id":125,"fincertId":"FINCERT-2026-000125","incidentId":5934,"idempotencyKey":"incident-5934","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:22:02.895476Z","receivedAt":"2026-05-15T20:22:02.919257Z"},{"id":124,"fincertId":"FINCERT-2026-000124","incidentId":5933,"idempotencyKey":"incident-5933","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:22:01.899782Z","receivedAt":"2026-05-15T20:22:01.954385Z"},{"id":123,"fincertId":"FINCERT-2026-000123","incidentId":5930,"idempotencyKey":"incident-5930","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:58.900802Z","receivedAt":"2026-05-15T20:21:58.930098Z"},{"id":122,"fincertId":"FINCERT-2026-000122","incidentId":5927,"idempotencyKey":"incident-5927","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:55.896846Z","receivedAt":"2026-05-15T20:21:55.927118Z"},{"id":121,"fincertId":"FINCERT-2026-000121","incidentId":5918,"idempotencyKey":"incident-5918","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:46.895680Z","receivedAt":"2026-05-15T20:21:46.937071Z"},{"id":120,"fincertId":"FINCERT-2026-000120","incidentId":5915,"idempotencyKey":"incident-5915","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:21:43.898672Z","receivedAt":"2026-05-15T20:21:43.929879Z"},{"id":119,"fincertId":"FINCERT-2026-000119","incidentId":5913,"idempotencyKey":"incident-5913","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:41.898163Z","receivedAt":"2026-05-15T20:21:41.938438Z"},{"id":118,"fincertId":"FINCERT-2026-000118","incidentId":5905,"idempotencyKey":"incident-5905","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:33.897339Z","receivedAt":"2026-05-15T20:21:33.930475Z"},{"id":117,"fincertId":"FINCERT-2026-000117","incidentId":5901,"idempotencyKey":"incident-5901","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:29.895470Z","receivedAt":"2026-05-15T20:21:29.919857Z"},{"id":116,"fincertId":"FINCERT-2026-000116","incidentId":5900,"idempotencyKey":"incident-5900","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:21:28.896723Z","receivedAt":"2026-05-15T20:21:28.920952Z"},{"id":115,"fincertId":"FINCERT-2026-000115","incidentId":5898,"idempotencyKey":"incident-5898","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:26.895810Z","receivedAt":"2026-05-15T20:21:26.919658Z"},{"id":114,"fincertId":"FINCERT-2026-000114","incidentId":5897,"idempotencyKey":"incident-5897","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:25.896060Z","receivedAt":"2026-05-15T20:21:25.915599Z"},{"id":113,"fincertId":"FINCERT-2026-000113","incidentId":5896,"idempotencyKey":"incident-5896","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:21:24.896441Z","receivedAt":"2026-05-15T20:21:24.930751Z"},{"id":112,"fincertId":"FINCERT-2026-000112","incidentId":5892,"idempotencyKey":"incident-5892","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:20.895092Z","receivedAt":"2026-05-15T20:21:20.916351Z"},{"id":111,"fincertId":"FINCERT-2026-000111","incidentId":5889,"idempotencyKey":"incident-5889","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:21:17.901746Z","receivedAt":"2026-05-15T20:21:17.944534Z"},{"id":110,"fincertId":"FINCERT-2026-000110","incidentId":5887,"idempotencyKey":"incident-5887","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:21:15.897538Z","receivedAt":"2026-05-15T20:21:15.921566Z"},{"id":109,"fincertId":"FINCERT-2026-000109","incidentId":5878,"idempotencyKey":"incident-5878","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:06.894743Z","receivedAt":"2026-05-15T20:21:06.916928Z"},{"id":108,"fincertId":"FINCERT-2026-000108","incidentId":5876,"idempotencyKey":"incident-5876","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:04.895075Z","receivedAt":"2026-05-15T20:21:04.929955Z"},{"id":107,"fincertId":"FINCERT-2026-000107","incidentId":5874,"idempotencyKey":"incident-5874","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:02.895691Z","receivedAt":"2026-05-15T20:21:02.920794Z"},{"id":106,"fincertId":"FINCERT-2026-000106","incidentId":5872,"idempotencyKey":"incident-5872","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:21:00.896830Z","receivedAt":"2026-05-15T20:21:00.928279Z"},{"id":105,"fincertId":"FINCERT-2026-000105","incidentId":5870,"idempotencyKey":"incident-5870","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:58.895212Z","receivedAt":"2026-05-15T20:20:58.925285Z"},{"id":104,"fincertId":"FINCERT-2026-000104","incidentId":5869,"idempotencyKey":"incident-5869","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:20:57.896675Z","receivedAt":"2026-05-15T20:20:57.922299Z"},{"id":103,"fincertId":"FINCERT-2026-000103","incidentId":5868,"idempotencyKey":"incident-5868","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:56.897766Z","receivedAt":"2026-05-15T20:20:56.918897Z"},{"id":102,"fincertId":"FINCERT-2026-000102","incidentId":5867,"idempotencyKey":"incident-5867","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:55.899269Z","receivedAt":"2026-05-15T20:20:55.931833Z"},{"id":101,"fincertId":"FINCERT-2026-000101","incidentId":5865,"idempotencyKey":"incident-5865","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:20:53.899631Z","receivedAt":"2026-05-15T20:20:53.933805Z"},{"id":100,"fincertId":"FINCERT-2026-000100","incidentId":5861,"idempotencyKey":"incident-5861","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:20:49.916152Z","receivedAt":"2026-05-15T20:20:49.943096Z"},{"id":99,"fincertId":"FINCERT-2026-000099","incidentId":5853,"idempotencyKey":"incident-5853","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:41.898616Z","receivedAt":"2026-05-15T20:20:41.931849Z"},{"id":98,"fincertId":"FINCERT-2026-000098","incidentId":5849,"idempotencyKey":"incident-5849","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:37.907042Z","receivedAt":"2026-05-15T20:20:37.962544Z"},{"id":97,"fincertId":"FINCERT-2026-000097","incidentId":5845,"idempotencyKey":"incident-5845","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:20:33.903744Z","receivedAt":"2026-05-15T20:20:33.937408Z"},{"id":96,"fincertId":"FINCERT-2026-000096","incidentId":5844,"idempotencyKey":"incident-5844","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:20:32.897804Z","receivedAt":"2026-05-15T20:20:32.940841Z"},{"id":95,"fincertId":"FINCERT-2026-000095","incidentId":5843,"idempotencyKey":"incident-5843","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:31.903775Z","receivedAt":"2026-05-15T20:20:31.945088Z"},{"id":94,"fincertId":"FINCERT-2026-000094","incidentId":5842,"idempotencyKey":"incident-5842","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:20:30.899635Z","receivedAt":"2026-05-15T20:20:30.923322Z"},{"id":93,"fincertId":"FINCERT-2026-000093","incidentId":5841,"idempotencyKey":"incident-5841","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:20:29.898642Z","receivedAt":"2026-05-15T20:20:29.936285Z"},{"id":92,"fincertId":"FINCERT-2026-000092","incidentId":5838,"idempotencyKey":"incident-5838","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:20:26.897324Z","receivedAt":"2026-05-15T20:20:26.939779Z"},{"id":91,"fincertId":"FINCERT-2026-000091","incidentId":5836,"idempotencyKey":"incident-5836","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:24.899520Z","receivedAt":"2026-05-15T20:20:24.934297Z"},{"id":90,"fincertId":"FINCERT-2026-000090","incidentId":5833,"idempotencyKey":"incident-5833","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:20:21.903740Z","receivedAt":"2026-05-15T20:20:21.953102Z"},{"id":89,"fincertId":"FINCERT-2026-000089","incidentId":5831,"idempotencyKey":"incident-5831","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:20:19.896651Z","receivedAt":"2026-05-15T20:20:19.926366Z"},{"id":88,"fincertId":"FINCERT-2026-000088","incidentId":5830,"idempotencyKey":"incident-5830","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:18.898578Z","receivedAt":"2026-05-15T20:20:18.935567Z"},{"id":87,"fincertId":"FINCERT-2026-000087","incidentId":5829,"idempotencyKey":"incident-5829","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:20:17.898682Z","receivedAt":"2026-05-15T20:20:17.937284Z"},{"id":86,"fincertId":"FINCERT-2026-000086","incidentId":5828,"idempotencyKey":"incident-5828","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:20:16.897604Z","receivedAt":"2026-05-15T20:20:16.937632Z"},{"id":85,"fincertId":"FINCERT-2026-000085","incidentId":5823,"idempotencyKey":"incident-5823","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:11.897128Z","receivedAt":"2026-05-15T20:20:11.975663Z"},{"id":84,"fincertId":"FINCERT-2026-000084","incidentId":5820,"idempotencyKey":"incident-5820","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:20:08.895857Z","receivedAt":"2026-05-15T20:20:08.925726Z"},{"id":83,"fincertId":"FINCERT-2026-000083","incidentId":5819,"idempotencyKey":"incident-5819","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:20:07.895877Z","receivedAt":"2026-05-15T20:20:07.923246Z"},{"id":82,"fincertId":"FINCERT-2026-000082","incidentId":5816,"idempotencyKey":"incident-5816","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:20:04.895516Z","receivedAt":"2026-05-15T20:20:04.915481Z"},{"id":81,"fincertId":"FINCERT-2026-000081","incidentId":5807,"idempotencyKey":"incident-5807","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:55.895636Z","receivedAt":"2026-05-15T20:19:55.923562Z"},{"id":80,"fincertId":"FINCERT-2026-000080","incidentId":5805,"idempotencyKey":"incident-5805","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:53.896945Z","receivedAt":"2026-05-15T20:19:53.930Z"},{"id":79,"fincertId":"FINCERT-2026-000079","incidentId":5803,"idempotencyKey":"incident-5803","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:19:51.895887Z","receivedAt":"2026-05-15T20:19:51.921032Z"},{"id":78,"fincertId":"FINCERT-2026-000078","incidentId":5802,"idempotencyKey":"incident-5802","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:19:50.896049Z","receivedAt":"2026-05-15T20:19:50.922127Z"},{"id":77,"fincertId":"FINCERT-2026-000077","incidentId":5800,"idempotencyKey":"incident-5800","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:19:48.897791Z","receivedAt":"2026-05-15T20:19:48.937935Z"},{"id":76,"fincertId":"FINCERT-2026-000076","incidentId":5796,"idempotencyKey":"incident-5796","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:44.903619Z","receivedAt":"2026-05-15T20:19:44.957488Z"},{"id":75,"fincertId":"FINCERT-2026-000075","incidentId":5791,"idempotencyKey":"incident-5791","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:19:39.896882Z","receivedAt":"2026-05-15T20:19:39.949Z"},{"id":74,"fincertId":"FINCERT-2026-000074","incidentId":5790,"idempotencyKey":"incident-5790","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:19:38.899015Z","receivedAt":"2026-05-15T20:19:38.946139Z"},{"id":73,"fincertId":"FINCERT-2026-000073","incidentId":5789,"idempotencyKey":"incident-5789","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:19:37.899661Z","receivedAt":"2026-05-15T20:19:37.935012Z"},{"id":72,"fincertId":"FINCERT-2026-000072","incidentId":5783,"idempotencyKey":"incident-5783","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:31.896308Z","receivedAt":"2026-05-15T20:19:31.934024Z"},{"id":71,"fincertId":"FINCERT-2026-000071","incidentId":5782,"idempotencyKey":"incident-5782","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:30.904796Z","receivedAt":"2026-05-15T20:19:30.934996Z"},{"id":70,"fincertId":"FINCERT-2026-000070","incidentId":5779,"idempotencyKey":"incident-5779","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:19:27.905742Z","receivedAt":"2026-05-15T20:19:27.945590Z"},{"id":69,"fincertId":"FINCERT-2026-000069","incidentId":5775,"idempotencyKey":"incident-5775","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:23.898019Z","receivedAt":"2026-05-15T20:19:23.926375Z"},{"id":68,"fincertId":"FINCERT-2026-000068","incidentId":5774,"idempotencyKey":"incident-5774","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:22.902067Z","receivedAt":"2026-05-15T20:19:22.974423Z"},{"id":67,"fincertId":"FINCERT-2026-000067","incidentId":5772,"idempotencyKey":"incident-5772","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:20.897904Z","receivedAt":"2026-05-15T20:19:20.930550Z"},{"id":66,"fincertId":"FINCERT-2026-000066","incidentId":5767,"idempotencyKey":"incident-5767","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:15.895545Z","receivedAt":"2026-05-15T20:19:15.929735Z"},{"id":65,"fincertId":"FINCERT-2026-000065","incidentId":5757,"idempotencyKey":"incident-5757","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:05.896497Z","receivedAt":"2026-05-15T20:19:05.924745Z"},{"id":64,"fincertId":"FINCERT-2026-000064","incidentId":5755,"idempotencyKey":"incident-5755","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:19:03.900726Z","receivedAt":"2026-05-15T20:19:03.933652Z"},{"id":63,"fincertId":"FINCERT-2026-000063","incidentId":5754,"idempotencyKey":"incident-5754","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:19:02.898776Z","receivedAt":"2026-05-15T20:19:02.939383Z"},{"id":62,"fincertId":"FINCERT-2026-000062","incidentId":5752,"idempotencyKey":"incident-5752","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:19:00.898770Z","receivedAt":"2026-05-15T20:19:00.929312Z"},{"id":61,"fincertId":"FINCERT-2026-000061","incidentId":5748,"idempotencyKey":"incident-5748","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:18:56.896690Z","receivedAt":"2026-05-15T20:18:56.968528Z"},{"id":60,"fincertId":"FINCERT-2026-000060","incidentId":5746,"idempotencyKey":"incident-5746","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:18:54.895984Z","receivedAt":"2026-05-15T20:18:54.929522Z"},{"id":59,"fincertId":"FINCERT-2026-000059","incidentId":5745,"idempotencyKey":"incident-5745","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:18:53.897081Z","receivedAt":"2026-05-15T20:18:53.925619Z"},{"id":58,"fincertId":"FINCERT-2026-000058","incidentId":5744,"idempotencyKey":"incident-5744","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:18:52.899414Z","receivedAt":"2026-05-15T20:18:52.945924Z"},{"id":57,"fincertId":"FINCERT-2026-000057","incidentId":5743,"idempotencyKey":"incident-5743","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:51.897787Z","receivedAt":"2026-05-15T20:18:51.925142Z"},{"id":56,"fincertId":"FINCERT-2026-000056","incidentId":5742,"idempotencyKey":"incident-5742","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:50.897552Z","receivedAt":"2026-05-15T20:18:50.945037Z"},{"id":55,"fincertId":"FINCERT-2026-000055","incidentId":5740,"idempotencyKey":"incident-5740","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:48.895108Z","receivedAt":"2026-05-15T20:18:48.922287Z"},{"id":54,"fincertId":"FINCERT-2026-000054","incidentId":5738,"idempotencyKey":"incident-5738","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:46.897030Z","receivedAt":"2026-05-15T20:18:46.927235Z"},{"id":53,"fincertId":"FINCERT-2026-000053","incidentId":5737,"idempotencyKey":"incident-5737","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:18:45.897795Z","receivedAt":"2026-05-15T20:18:45.934061Z"},{"id":52,"fincertId":"FINCERT-2026-000052","incidentId":5734,"idempotencyKey":"incident-5734","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:18:42.897072Z","receivedAt":"2026-05-15T20:18:42.924346Z"},{"id":51,"fincertId":"FINCERT-2026-000051","incidentId":5731,"idempotencyKey":"incident-5731","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:18:39.897153Z","receivedAt":"2026-05-15T20:18:39.922556Z"},{"id":50,"fincertId":"FINCERT-2026-000050","incidentId":5727,"idempotencyKey":"incident-5727","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:35.910331Z","receivedAt":"2026-05-15T20:18:36.032850Z"},{"id":49,"fincertId":"FINCERT-2026-000049","incidentId":5724,"idempotencyKey":"incident-5724","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:18:32.898517Z","receivedAt":"2026-05-15T20:18:32.933915Z"},{"id":48,"fincertId":"FINCERT-2026-000048","incidentId":5722,"idempotencyKey":"incident-5722","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:30.897273Z","receivedAt":"2026-05-15T20:18:30.926286Z"},{"id":47,"fincertId":"FINCERT-2026-000047","incidentId":5721,"idempotencyKey":"incident-5721","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:29.899226Z","receivedAt":"2026-05-15T20:18:29.932084Z"},{"id":46,"fincertId":"FINCERT-2026-000046","incidentId":5719,"idempotencyKey":"incident-5719","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:27.898831Z","receivedAt":"2026-05-15T20:18:27.926970Z"},{"id":45,"fincertId":"FINCERT-2026-000045","incidentId":5717,"idempotencyKey":"incident-5717","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:25.898411Z","receivedAt":"2026-05-15T20:18:25.940880Z"},{"id":44,"fincertId":"FINCERT-2026-000044","incidentId":5712,"idempotencyKey":"incident-5712","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:18:20.898693Z","receivedAt":"2026-05-15T20:18:20.938555Z"},{"id":43,"fincertId":"FINCERT-2026-000043","incidentId":5709,"idempotencyKey":"incident-5709","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:18:17.898Z","receivedAt":"2026-05-15T20:18:17.937887Z"},{"id":42,"fincertId":"FINCERT-2026-000042","incidentId":5705,"idempotencyKey":"incident-5705","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:18:13.899857Z","receivedAt":"2026-05-15T20:18:13.930141Z"},{"id":41,"fincertId":"FINCERT-2026-000041","incidentId":5695,"idempotencyKey":"incident-5695","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:18:03.897810Z","receivedAt":"2026-05-15T20:18:03.929084Z"},{"id":40,"fincertId":"FINCERT-2026-000040","incidentId":5691,"idempotencyKey":"incident-5691","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:17:59.900032Z","receivedAt":"2026-05-15T20:17:59.956135Z"},{"id":39,"fincertId":"FINCERT-2026-000039","incidentId":5689,"idempotencyKey":"incident-5689","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:57.897023Z","receivedAt":"2026-05-15T20:17:57.923712Z"},{"id":38,"fincertId":"FINCERT-2026-000038","incidentId":5687,"idempotencyKey":"incident-5687","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:55.897030Z","receivedAt":"2026-05-15T20:17:55.929481Z"},{"id":37,"fincertId":"FINCERT-2026-000037","incidentId":5686,"idempotencyKey":"incident-5686","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:54.897019Z","receivedAt":"2026-05-15T20:17:54.936967Z"},{"id":36,"fincertId":"FINCERT-2026-000036","incidentId":5684,"idempotencyKey":"incident-5684","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:17:52.898680Z","receivedAt":"2026-05-15T20:17:52.927270Z"},{"id":35,"fincertId":"FINCERT-2026-000035","incidentId":5683,"idempotencyKey":"incident-5683","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:17:51.898697Z","receivedAt":"2026-05-15T20:17:51.941698Z"},{"id":34,"fincertId":"FINCERT-2026-000034","incidentId":5680,"idempotencyKey":"incident-5680","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:48.897483Z","receivedAt":"2026-05-15T20:17:48.938971Z"},{"id":33,"fincertId":"FINCERT-2026-000033","incidentId":5679,"idempotencyKey":"incident-5679","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:47.898037Z","receivedAt":"2026-05-15T20:17:47.931497Z"},{"id":32,"fincertId":"FINCERT-2026-000032","incidentId":5675,"idempotencyKey":"incident-5675","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:43.896804Z","receivedAt":"2026-05-15T20:17:43.929790Z"},{"id":31,"fincertId":"FINCERT-2026-000031","incidentId":5674,"idempotencyKey":"incident-5674","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:42.899130Z","receivedAt":"2026-05-15T20:17:42.933824Z"},{"id":30,"fincertId":"FINCERT-2026-000030","incidentId":5673,"idempotencyKey":"incident-5673","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:17:41.896946Z","receivedAt":"2026-05-15T20:17:41.933457Z"},{"id":29,"fincertId":"FINCERT-2026-000029","incidentId":5671,"idempotencyKey":"incident-5671","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:17:39.897513Z","receivedAt":"2026-05-15T20:17:39.927848Z"},{"id":28,"fincertId":"FINCERT-2026-000028","incidentId":5667,"idempotencyKey":"incident-5667","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:35.898026Z","receivedAt":"2026-05-15T20:17:35.933132Z"},{"id":27,"fincertId":"FINCERT-2026-000027","incidentId":5665,"idempotencyKey":"incident-5665","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:33.900036Z","receivedAt":"2026-05-15T20:17:33.934926Z"},{"id":26,"fincertId":"FINCERT-2026-000026","incidentId":5662,"idempotencyKey":"incident-5662","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:17:30.897838Z","receivedAt":"2026-05-15T20:17:30.932167Z"},{"id":25,"fincertId":"FINCERT-2026-000025","incidentId":5658,"idempotencyKey":"incident-5658","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:26.898395Z","receivedAt":"2026-05-15T20:17:26.930293Z"},{"id":24,"fincertId":"FINCERT-2026-000024","incidentId":5657,"idempotencyKey":"incident-5657","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:17:25.896773Z","receivedAt":"2026-05-15T20:17:25.932240Z"},{"id":23,"fincertId":"FINCERT-2026-000023","incidentId":5652,"idempotencyKey":"incident-5652","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:17:24.776005Z","receivedAt":"2026-05-15T20:17:24.814371Z"},{"id":22,"fincertId":"FINCERT-2026-000022","incidentId":5651,"idempotencyKey":"incident-5651","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:17:24.649549Z","receivedAt":"2026-05-15T20:17:24.711256Z"},{"id":21,"fincertId":"FINCERT-2026-000021","incidentId":5648,"idempotencyKey":"incident-5648","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:24.364728Z","receivedAt":"2026-05-15T20:17:24.415837Z"},{"id":20,"fincertId":"FINCERT-2026-000020","incidentId":5644,"idempotencyKey":"incident-5644","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:17:24.135959Z","receivedAt":"2026-05-15T20:17:24.181249Z"},{"id":19,"fincertId":"FINCERT-2026-000019","incidentId":5642,"idempotencyKey":"incident-5642","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:17:23.974429Z","receivedAt":"2026-05-15T20:17:24.037141Z"},{"id":18,"fincertId":"FINCERT-2026-000018","incidentId":5640,"idempotencyKey":"incident-5640","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:23.790969Z","receivedAt":"2026-05-15T20:17:23.861248Z"},{"id":17,"fincertId":"FINCERT-2026-000017","incidentId":5636,"idempotencyKey":"incident-5636","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:17:23.613715Z","receivedAt":"2026-05-15T20:17:23.657768Z"},{"id":16,"fincertId":"FINCERT-2026-000016","incidentId":5635,"idempotencyKey":"incident-5635","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:23.562712Z","receivedAt":"2026-05-15T20:17:23.592798Z"},{"id":15,"fincertId":"FINCERT-2026-000015","incidentId":5634,"idempotencyKey":"incident-5634","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:17:23.440927Z","receivedAt":"2026-05-15T20:17:23.515489Z"},{"id":14,"fincertId":"FINCERT-2026-000014","incidentId":5632,"idempotencyKey":"incident-5632","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:17:23.271859Z","receivedAt":"2026-05-15T20:17:23.331619Z"},{"id":13,"fincertId":"FINCERT-2026-000013","incidentId":5628,"idempotencyKey":"incident-5628","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:17:23.033461Z","receivedAt":"2026-05-15T20:17:23.077248Z"},{"id":12,"fincertId":"FINCERT-2026-000012","incidentId":5622,"idempotencyKey":"incident-5622","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:22.502080Z","receivedAt":"2026-05-15T20:17:22.550535Z"},{"id":11,"fincertId":"FINCERT-2026-000011","incidentId":5621,"idempotencyKey":"incident-5621","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:22.418420Z","receivedAt":"2026-05-15T20:17:22.467946Z"},{"id":10,"fincertId":"FINCERT-2026-000010","incidentId":5620,"idempotencyKey":"incident-5620","severity":"P1","category":"DDOS","title":"[R-DDOS-01] Превышение профиля трафика к фронтам ДБО","description":"Объём трафика > 10x от базовой линии","occurredAt":"2026-05-15T22:17:22.304111Z","receivedAt":"2026-05-15T20:17:22.390997Z"},{"id":9,"fincertId":"FINCERT-2026-000009","incidentId":5616,"idempotencyKey":"incident-5616","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:17:22.006646Z","receivedAt":"2026-05-15T20:17:22.084773Z"},{"id":8,"fincertId":"FINCERT-2026-000008","incidentId":5612,"idempotencyKey":"incident-5612","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:21.680150Z","receivedAt":"2026-05-15T20:17:21.728633Z"},{"id":7,"fincertId":"FINCERT-2026-000007","incidentId":5611,"idempotencyKey":"incident-5611","severity":"P1","category":"APT","title":"[R-APT-02] Эксфильтрация данных через C2","description":"Подозрительные исходящие соединения с большим объёмом данных","occurredAt":"2026-05-15T22:17:21.589790Z","receivedAt":"2026-05-15T20:17:21.651044Z"},{"id":6,"fincertId":"FINCERT-2026-000006","incidentId":5610,"idempotencyKey":"incident-5610","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:17:21.500751Z","receivedAt":"2026-05-15T20:17:21.554879Z"},{"id":5,"fincertId":"FINCERT-2026-000005","incidentId":5609,"idempotencyKey":"incident-5609","severity":"P1","category":"APT","title":"[R-APT-03] Команды через DNS-туннель","description":"Аномальные DNS-запросы, признаки DNS-tunneling","occurredAt":"2026-05-15T22:17:21.422052Z","receivedAt":"2026-05-15T20:17:21.471611Z"},{"id":4,"fincertId":"FINCERT-2026-000004","incidentId":5608,"idempotencyKey":"incident-5608","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:21.365328Z","receivedAt":"2026-05-15T20:17:21.399946Z"},{"id":3,"fincertId":"FINCERT-2026-000003","incidentId":5606,"idempotencyKey":"incident-5606","severity":"P1","category":"INSIDER","title":"[R-INS-02] Копирование на внешние носители","description":"USB-устройство + копирование файлов из защищённой зоны","occurredAt":"2026-05-15T22:17:21.184044Z","receivedAt":"2026-05-15T20:17:21.249392Z"},{"id":2,"fincertId":"FINCERT-2026-000002","incidentId":5604,"idempotencyKey":"incident-5604","severity":"P1","category":"APT","title":"[R-APT-01] Kill chain (разведка → эксплуатация → закрепление → латеральное)","description":"Цепочка событий, характерных для целевой атаки","occurredAt":"2026-05-15T22:17:20.210840Z","receivedAt":"2026-05-15T20:17:20.273875Z"},{"id":1,"fincertId":"FINCERT-2026-000001","incidentId":5603,"idempotencyKey":"incident-5603","severity":"P1","category":"UNAUTHORIZED_ACCESS","title":"[R-UA-04] Эскалация привилегий","description":"Получение прав root/admin через известный exploit","occurredAt":"2026-05-15T22:17:18.022871Z","receivedAt":"2026-05-15T20:17:19.677734Z"}]