Bot Insights — security risk triage

SOC Triage — www.example.com, ASN risk queue

Top entities ranked by mechanical risk indicators for the current window.

Comparison window
2026-04-07 00:00 → 2026-04-14 00:00 UTC
vs 2026-03-31 00:00 → 2026-04-07 00:00 UTC

Executive summary

What this report says

1 of 2 ASNs needs analyst attention: start with ASN 64500 (bad-bot share 65%, SIEM evidence present).

SOC: investigate ASN 64500 now; monitor / enrich ASN 64600.

Recommended action: Enrich with SIEM action, policy, auth-failure, and blocked-request summaries for the same entity.

Coverage is thin — 80% of rule evaluations had missing inputs. Real risk may be higher than the score implies.

Assign: 1 · Watch: 1 · Insufficient data: 0 · Close (expected): 0

1 ASN needs analyst attention; 1 to watch (out of 2).

Security evidence

2 entities need analyst attention

ASN 64500 #1
Assign · Score 58 · Security evidence · Low confidence: 11 of 16 rules missing inputs
Security signals
  • Bad Bot Share High +14 pts

    Bad bot share is 65.00%.

  • SIEM Auth Fail Present +12 pts

    SIEM summary reports 200 auth failures.

  • SIEM Blocked Present +12 pts

    SIEM summary reports 1200 blocked requests.

Supporting movement signals
  • Volume Delta High Movement +12 pts

    Request volume increased by 340000 (425.00%).

  • Bot Share Delta High Movement +8 pts

    Bot share increased by 44.1 percentage points.

ASN 64600 #2
Watch · Score 12 · Security evidence · Low confidence: 13 of 14 rules missing inputs
Security signals
  • SIEM Blocked Present +12 pts

    SIEM summary reports 40 blocked requests.

Triage queue

2 ASNs, ordered by what to do

Verdict | ASN       | Score | Δ  | Primary domain    | Top evidence
Assign  | ASN 64500 | 58    | ±0 | Security evidence | Bad bot share is 65.00%.
Watch   | ASN 64600 | 12    | ±0 | Security evidence | SIEM summary reports 40 blocked requests.

Domain score matrix

How risk points distribute across domains

ASN       | Score | Cache busting | Crawler governance | Movement | Origin impact | Policy collateral | Security evidence
ASN 64500 | 58    |               |                    | 20       |               |                   | 38
ASN 64600 | 12    |               |                    |          |               |                   | 12

Recommended next steps

Investigations to queue from this report

  1. Enrich with SIEM action, policy, auth-failure, and blocked-request summaries for the same entity.
    2 ASNs · ASN 64500, ASN 64600
  2. Review mover attribution for the same scope and confirm comparable current/baseline windows.
    1 ASN · ASN 64500

Coverage

Which rules could be evaluated

Rule coverage by domain: 5 domains evaluated, 80.00% of rule evaluations had missing inputs

Domain             | Triggered | Below threshold | Inputs missing
Cache busting      | 0         | 0               | 8
Crawler governance | 0         | 0               | 9
Movement           | 2         | 0               | 2
Origin impact      | 0         | 0               | 4
Security evidence  | 4         | 0               | 1

Confidence: Medium · 2. Reasons: Baseline window has enough rows, Current window has enough rows, Some feature inputs missing, Dimensions fit retained schema, Summary table used.

Method & caveats

What this report is and isn't

Rule-based scorecard for · , built from mechanical features only, compared against week over week. It reports what was measured, not why. Missing feature inputs are reported as such — they are not scored as safe.

Schema, source table, and constraints

  • Schema: bot_scorecard_artifacts.v1
  • Comparison: Week over week
  • Producer limit: 5 (returned 2, truncated: false)
  • Tenant / database: ·
  • Table: bi_summary_hour
  • Constraints: Rule-based scorecard; Mechanical features only; No causal claim; LLM may summarize structured evidence only
  • Confidence reasons: Baseline window has enough rows; Current window has enough rows; Some feature inputs missing; Dimensions fit retained schema; Summary table used

Orientation: what this report measures

What this measures

A risk score for each ranked entity (typically ASN) on a 0–100 scale. Higher scores reflect more triggered security signals — bad-bot share, SIEM auth failures, SIEM blocked requests — plus movement-side context.

How to read the score

Higher score = more triggered security/movement rules. Bands: escalate, monitor, observe.

  • escalate · 0–40
  • monitor · 40–70
  • observe · 70–100

What this can't say

Not a confirmed-malicious determination. Missing inputs are reported as missing — they are not scored as safe.