6 of 6 alerts shown.
Privilege escalation attempt: chmod on /etc/shadow blocked by policy.
Unsigned binary unknown.exe spawned 14 child processes within 2 seconds.
Anomalous write frequency: 612 writes/sec to /tmp/burst.log (baseline 4/s).
Outbound connection to known C2 IP on threat intelligence feed.
Cryptominer signature match (xmrig variant). CPU usage spike 96%.
Unusual read of /etc/passwd from web service user.