incident-triage/fixtures/signal-zabbix-ddos.json

{
  "source": "zabbix",
  "external_id": "ZBX-EVT-9374",
  "raw_payload": {
    "title": "DDoS attack pattern detected on edge",
    "host": "rtr-r3.lvrtc.lv",
    "severity": "critical",
    "body": "Volumetric UDP flood, 4.2 Gbps inbound to 192.0.2.0/24. Source: 12 ASNs, predominantly AS197207. Auto-mitigation engaged.",
    "tags": ["security", "ddos"]
  },
  "expected_after_triage": {
    "taxonomy_code": "security.incident",
    "priority": "P1",
    "ownership": "lvrtc",
    "group_slug": "soc-l2"
  }
}