We've connections to the MySQL server from suspicious IP.
According https://www.abuseipdb.com/check/88.214.26.17, this IP has been reported today for "SQL brute force auth on honeypot MySQL/MariaDB". That could explain T1520 slowness if the MySQL process is too solicited.
Ysul has a MySQL server which listens to the world with the intent to serve as demonstration and support during workshops. We could switch to Drake IP instead.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | dereckson | T928 Deploy Vault to store credentials | |||
| Resolved | dereckson | T923 Switch Vault to restricted network | |||
| Unknown Object (Maniphest Task) | |||||
| Open | None | T1616 Build a bastion - load balancers - private instances network topology | |||
| Resolved | dereckson | T1702 Deploy Complector aka la source | |||
| Resolved | dereckson | T1619 Connect all baremetal servers to Drake network | |||
| Wontfix | dereckson | T1520 Ysul reacts slowly to interactive applications | |||
| Resolved | dereckson | T1521 Restrict MySQL access |
Subtask removed to simplify the graph. It's the task where db-B-001 has been created and so solved this one.