Logs & Telemetry

Inbound/outbound traffic, internal events, SSRF logic, suppression, and correlation.

Last updated May 2026

Inbound and outbound traffic

Inbound logs capture HTTP and service probes: method, path, headers, body snippets. Outbound logs record lure-initiated connections (e.g., SSRF callbacks, malware C2 attempts), which are essential for post-compromise narratives.

[Figure: H1VE inbound lure logs table. Lure inbound logs with threat filters, search, export, and detections including scanner and crawler tags.]

Internal events

Process execution monitoring and file activity telemetry come from instrumented lure runtimes. These events often surface what HTTP logs miss—reverse shells, dropped binaries, cron persistence.

SSRF detection and false positive reduction

SSRF logic correlates outbound attempts with the inbound requests that triggered them. Suppression rules and clusters tame scanner noise; tune them after a baseline week. Admin detection rules and CVE suppressions prevent duplicate Nuclei hits from dominating queues.
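
The correlation and suppression idea described above, as an added example that is not H1VE's own code: each outbound connection is paired with inbound requests to the same lure that named its destination host shortly beforehand. The record fields, the 30-second window, and the tag-based suppression are assumptions, and the log records are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote, urlsplit

# Constructed sample records; field names are assumptions, not H1VE's schema.
INBOUND = [
    {"ts": "2026-05-01T10:00:00", "src": "198.51.100.7", "lure": "web-01",
     "path": "/fetch?url=http%3A%2F%2Fcb.example.net%2Fx", "body": "", "tags": []},
    {"ts": "2026-05-01T10:00:01", "src": "203.0.113.9", "lure": "web-01",
     "path": "/proxy?u=http://cb.example.net/probe", "body": "", "tags": ["scanner"]},
    {"ts": "2026-05-01T10:05:00", "src": "192.0.2.44", "lure": "web-01",
     "path": "/index.html", "body": "", "tags": []},
]
OUTBOUND = [
    {"ts": "2026-05-01T10:00:02", "lure": "web-01", "host": "cb.example.net", "port": 80},
    {"ts": "2026-05-01T10:20:00", "lure": "web-01", "host": "other.example.org", "port": 443},
]
URL_RE = re.compile(r"https?://[^\s\"'<>&]+", re.I)

def hosts_in(request):
    """Hostnames of URLs embedded in the URL-decoded path and body."""
    text = unquote(request["path"]) + " " + unquote(request["body"])
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            hosts.add(urlsplit(url).hostname)
        except ValueError:  # malformed authority, e.g. an unbalanced "["
            continue
    return hosts

def correlate(inbound, outbound, window=timedelta(seconds=30), suppress_tags=()):
    """Label each outbound connection: 'ssrf' when an unsuppressed inbound request
    named its host within `window` before it, 'suppressed' when only suppressed
    sources did, 'uncorrelated' otherwise (still worth a look: no HTTP trigger)."""
    findings = []
    for out in outbound:
        t_out = datetime.fromisoformat(out["ts"])
        matches = [
            req for req in inbound
            if req["lure"] == out["lure"]
            and timedelta(0) <= t_out - datetime.fromisoformat(req["ts"]) <= window
            and out["host"].lower() in hosts_in(req)
        ]
        kept = [r for r in matches if not set(r["tags"]) & set(suppress_tags)]
        verdict = "ssrf" if kept else "suppressed" if matches else "uncorrelated"
        findings.append({"outbound": out, "triggers": kept, "verdict": verdict})
    return findings
```
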

Event correlation

Correlation links IPs, lures, and telemetry types in Research timelines. Use it before opening separate log tabs per lure.