Sentinel Reports

Some data that we show on Sentinel View pages are limited to simple overall statistics due to their real-time nature.

To give data a broader perspective, and more context and to include even more complex statistics, we release Sentinel Reports in PDF form on a monthly basis.

List of Sentinel Reports

How are the reports prepared

For the tables like Password deltas and Port trends, we are comparing data we gathered on the topic for the past month with the same samples from the month before. For other types of data, we run more complex queries over the raw anonymized data to find the relevant statistics for the month.

Data sources

is a snapshot of our Dynamic firewall. It contains only IP addresses that were really suspicious and earned themself their spot on the blacklist. It is interesting to analyze those data and try to summarize the activity of the attackers over the whole month. This can serve as a simple indicator of how active the attacker's community was in a specific month.

is the source for reports about monthly trends in port scans for port-protocol combinations. Compared to what we publish on Sentinel View pages, this list is based on the number of attackers targeting the port. The description serves as a hint of the services that the attacker may be interested in. This information can help security researchers spot new trends and give sysadmins an indication of which services need to be more carefully watched.

is a data source primarily used by Sentinel View, but it can also help us with the Reports. The table shows how many times we've seen individual passwords being used in attack attempts last month in comparison to the month before. The data were ordered by count last month. This allows you to spot passwords that just became popular. This information may point out some new vulnerable devices or new malware spreading through the Internet.


You can get the latest reports directly to your mailbox if you subscribe to the Sentinel Report newsletter.