1 PCAPs • 79 sessions • 45 hosts • 29 geolocated
cap_05182026_430pmCST.pcapng
354.9 KB • 79 sessions • UDP:30 TCP:45 ICMP:3 OTHER:1
Paths: 25
Physical: 25
Synthetic: 0
Cables: 8
IX: 2
Conflicts: 0
CSI: 0
Cascades: 0
Phantoms: 0
Kill Chain: 0

| Tags | Endpoints | Hops | AS path | Cables | IX | Distance |
|---|---|---|---|---|---|---|
| | AS15169 → AS24940 | 3 hops · 0% | AS15169 → AS3356 → AS24940 | | | 8076 km |
| PHYSICAL, CABLE | AS15169 → AS8075 | 3 hops · 0% | AS15169 → AS3356 → AS8075 | AAG (Asia-America Gateway), JUPITER | | 1722 km |
| PHYSICAL, CABLE | AS15169 → AS54113 | 3 hops · 0% | AS15169 → AS3356 → AS54113 | AAG (Asia-America Gateway), JUPITER | | 560 km |
| PHYSICAL, CABLE | AS15169 → AS8075 | 3 hops · 0% | AS15169 → AS3356 → AS8075 | AAG (Asia-America Gateway), JUPITER | | 928 km |
| IX | AS15169 → AS14618 | 3 hops · 0% | AS15169 → AS3356 → AS14618 | | Equinix Chicago | 1683 km |
| | AS15169 → AS8075 | 3 hops · 0% | AS15169 → AS3356 → AS8075 | | | 559 km |
| PHYSICAL, CABLE | AS15169 → AS396982 | 2 hops · 0% | AS15169 → AS396982 | AAG (Asia-America Gateway), JUPITER | | 320 km |
| PHYSICAL, CABLE | AS24940 → AS8075 | 3 hops · 0% | AS24940 → AS3356 → AS8075 | Grace Hopper | | 7006 km |
| | AS24940 → AS54113 | 3 hops · 0% | AS24940 → AS3356 → AS54113 | | | 8451 km |
| | AS24940 → AS8075 | 3 hops · 0% | AS24940 → AS3356 → AS8075 | | | 8844 km |
| PHYSICAL, CABLE | AS24940 → AS14618 | 3 hops · 0% | AS24940 → AS3356 → AS14618 | Grace Hopper | | 6536 km |
| | AS24940 → AS8075 | 3 hops · 0% | AS24940 → AS3356 → AS8075 | | | 7516 km |
| | AS24940 → AS396982 | 3 hops · 0% | AS24940 → AS3356 → AS396982 | | | 7780 km |
| PHYSICAL, CABLE | AS8075 → AS54113 | 3 hops · 0% | AS8075 → AS3356 → AS54113 | AAG (Asia-America Gateway), JUPITER | | 1735 km |
| PHYSICAL, CABLE, IX | AS8075 → AS14618 | 3 hops · 0% | AS8075 → AS3356 → AS14618 | Grace Hopper, Firmina, Dunant, FLAG Atlantic-1, MAREA | Equinix Ashburn | 779 km |
| PHYSICAL, CABLE, IX | AS8075 → AS396982 | 3 hops · 0% | AS8075 → AS3356 → AS396982 | AAG (Asia-America Gateway), JUPITER | Equinix Chicago | 1444 km |
| PHYSICAL, CABLE | AS54113 → AS8075 | 3 hops · 0% | AS54113 → AS3356 → AS8075 | AAG (Asia-America Gateway), JUPITER | | 406 km |
| IX | AS54113 → AS14618 | 3 hops · 0% | AS54113 → AS3356 → AS14618 | | Equinix Chicago | 1936 km |
| | AS54113 → AS8075 | 3 hops · 0% | AS54113 → AS3356 → AS8075 | | | 1021 km |
| PHYSICAL, CABLE | AS54113 → AS396982 | 3 hops · 0% | AS54113 → AS3356 → AS396982 | AAG (Asia-America Gateway), JUPITER | | 731 km |

[6:02:09 PM] 25 paths · 0 synthetic

| Kind | ID | Labels | Position |
|---|---|---|---|
| asn | asn:54113 | asn=54,113, org=Fastly, Inc. | |
| asn | asn:24940 | asn=24,940, org=Hetzner Online GmbH | |
| asn | asn:397273 | asn=397,273, org=Render | |
| asn | asn:20940 | asn=20,940, org=Akamai International B.V. | |
| asn | asn:16509 | asn=16,509, org=Amazon.com, Inc. | |
| asn | asn:8075 | asn=8,075, org=Microsoft Corporation | |
| asn | asn:36236 | asn=36,236, org=NetActuate, Inc | |
| asn | asn:396982 | asn=396,982, org=Google LLC | |
| asn | asn:15169 | asn=15,169, org=Google LLC | |
| asn | asn:6167 | asn=6,167, org=Verizon Business | |
| asn | asn:14618 | asn=14,618, org=Amazon.com, Inc. | |
| behavior_group | BSG-DATA_EXFIL-e7f288856e4c | behavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=32594, dst_ip=, member_count=1, src_ip=209.177.156.94, summary=Exfil suspect: 209.177.156.94 → 1 destinations, 32,594B total, max 32,594B/session, total_bytes=32,594, total_packets=115, unique_hosts=1, unique_ports=0 | |
| behavior_group | BSG-BEACON-3fa1dca5627c | behavior=BEACON, confidence=0.9, detection_rationale=timing_cv=0.00 (≤0.5); byte_cv=0.00 (≤0.6), dst_ip=151.101.113.140, dst_port=443, interval_cv=0, mean_interval=0, member_count=3, src_ip=192.168.1.185, summary=Beacon: 192.168.1.185 → 151.101.113.140:443, 3 sessions, interval CV=0.00, mean 121B, total_bytes=363, total_packets=6, unique_hosts=0, unique_ports=0 | |
| behavior_group | BSG-HORIZ_SCAN-cd2c52661c4b | behavior=HORIZ_SCAN, confidence=0.8, detection_rationale=unique_hosts=19; short_sessions=84%, dst_ip=, dst_port=443, member_count=31, src_ip=192.168.1.185, summary=Horizontal scan: 192.168.1.185 → 19 hosts on port 443, 31 sessions, total_bytes=255,098, total_packets=442, unique_hosts=19, unique_ports=0 | |
| behavior_group | BSG-DATA_EXFIL-78b438a917b5 | behavior=DATA_EXFIL, confidence=0.95, detection_rationale=total_bytes=207718; large_volume (≥100KB); high_rate (67388 B/s); repeated (5 sessions), dst_ip=, member_count=5, src_ip=192.168.1.185, summary=Exfil suspect: 192.168.1.185 → 4 destinations, 207,718B total, max 141,514B/session, total_bytes=207,718, total_packets=246, unique_hosts=4, unique_ports=0 | |
| behavior_group | BSG-BEACON-4bc57cbec7cd | behavior=BEACON, confidence=0.9, detection_rationale=timing_cv=0.00 (≤0.5); byte_cv=0.41 (≤0.6), dst_ip=192.168.1.1, dst_port=46,407, interval_cv=0, mean_interval=0, member_count=3, src_ip=192.168.1.185, summary=Beacon: 192.168.1.185 → 192.168.1.1:46407, 3 sessions, interval CV=0.00, mean 2713B, total_bytes=8,138, total_packets=32, unique_hosts=0, unique_ports=0 | |
| dns_name | dns:wpad.mynetworksettings.com | answer_count=0, qname=wpad.mynetworksettings.com | |
| dns_name | dns:bat.bing.com | answer_count=4, qname=bat.bing.com | |
| dns_name | dns:signaler-pa.clients6.google.com | answer_count=1, qname=signaler-pa.clients6.google.com | |
| dns_name | dns:browser.events.data.microsoft.com | answer_count=3, qname=browser.events.data.microsoft.com | |
| dns_name | dns:ctldl.windowsupdate.com | answer_count=8, qname=ctldl.windowsupdate.com | |
| dns_name | dns:remotedesktop-pa.googleapis.com | answer_count=9, qname=remotedesktop-pa.googleapis.com | |
| dns_name | dns:chatgpt.com | answer_count=6, qname=chatgpt.com | |
| dns_name | dns:copilot.microsoft.com | answer_count=4, qname=copilot.microsoft.com | |
| flow | flow:f25397a8d5d5 | bytes=11,087, dst_ip=104.18.32.47, dst_port=443, pkts=18, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:478de54cd94a | bytes=498, dst_ip=97.178.32.239, dst_port=31,036, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:abe950115ba3 | bytes=121, dst_ip=13.107.226.57, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:9d482c927ad5 | bytes=1,924, dst_ip=192.200.0.112, dst_port=443, pkts=5, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:027ad06c15d5 | bytes=321, dst_ip=192.168.1.185, dst_port=55,880, pkts=5, proto=tcp, src_ip=104.18.36.216 | |
| flow | flow:e36e1209129d | bytes=228, dst_ip=192.168.1.185, dst_port=51,049, pkts=3, proto=tcp, src_ip=216.24.57.251 | |
| flow | flow:c65476284ea0 | bytes=321, dst_ip=192.168.1.185, dst_port=61,509, pkts=5, proto=tcp, src_ip=162.159.128.61 | |
| flow | flow:189be888c3af | bytes=13,297, dst_ip=104.18.23.222, dst_port=443, pkts=21, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:bab9257727f6 | bytes=137, dst_ip=23.219.160.5, dst_port=443, pkts=2, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:b41e05b0f148 | bytes=156, dst_ip=209.177.158.246, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:f6fc82e11042 | bytes=218, dst_ip=192.168.1.1, dst_port=5,351, pkts=4, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:660ca437efa1 | bytes=1,712, dst_ip=192.168.1.1, dst_port=53, pkts=14, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:779733f74ceb | bytes=441, dst_ip=104.208.203.89, dst_port=443, pkts=4, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:4eed5ff51111 | bytes=1,782, dst_ip=192.168.1.1, dst_port=46,407, pkts=10, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:4ac806f4d834 | bytes=422, dst_ip=20.62.59.32, dst_port=443, pkts=6, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:ef26bc2c964d | bytes=321, dst_ip=192.168.1.185, dst_port=62,104, pkts=5, proto=tcp, src_ip=172.64.151.22 | |
| flow | flow:21a678dc75de | bytes=1,951, dst_ip=199.165.136.100, dst_port=443, pkts=6, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:a25fcb74f721 | bytes=228, dst_ip=192.168.1.185, dst_port=58,631, pkts=3, proto=tcp, src_ip=216.24.57.7 | |
| flow | flow:7395be855a32 | bytes=3,492, dst_ip=192.168.1.185, dst_port=0, pkts=18, proto=icmp, src_ip=97.178.32.239 | |
| flow | flow:0523b90826b8 | bytes=193, dst_ip=192.168.1.185, dst_port=51,645, pkts=2, proto=tcp, src_ip=192.200.0.112 | |
| flow | flow:cb933110cf94 | bytes=5,086, dst_ip=199.165.136.100, dst_port=443, pkts=25, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:df281449ac19 | bytes=1,164, dst_ip=192.168.1.185, dst_port=0, pkts=6, proto=icmp, src_ip=97.178.32.239 | |
| flow | flow:46c89f86a16a | bytes=245, dst_ip=23.219.160.5, dst_port=443, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:00f4e10d6ac7 | bytes=2,508, dst_ip=192.168.1.185, dst_port=43,844, pkts=15, proto=tcp, src_ip=209.177.156.94 | |
| flow | flow:9cc54a60d88a | bytes=4,440, dst_ip=192.168.1.185, dst_port=54,986, pkts=5, proto=tcp, src_ip=167.235.217.196 | |
| flow | flow:300bb0be41cf | bytes=121, dst_ip=151.101.113.140, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:03d3562fa35f | bytes=498, dst_ip=97.178.32.239, dst_port=52,243, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:ab2fda60ec38 | bytes=121, dst_ip=150.171.28.10, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:7fc08133133d | bytes=498, dst_ip=172.19.0.1, dst_port=44,244, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:26faad66f81e | bytes=498, dst_ip=172.18.0.1, dst_port=44,244, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:4f5810e72704 | bytes=156, dst_ip=192.73.244.245, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:007f4ea11c64 | bytes=121, dst_ip=135.234.174.40, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:82ce7409c0ca | bytes=893, dst_ip=151.101.114.172, dst_port=80, pkts=7, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:df1c396b8733 | bytes=306, dst_ip=192.168.1.185, dst_port=51,966, pkts=5, proto=tcp, src_ip=23.213.232.172 | |
| flow | flow:f5abaef54664 | bytes=4,269, dst_ip=192.168.1.1, dst_port=46,407, pkts=12, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:481a8cb33c5b | bytes=230, dst_ip=192.168.1.1, dst_port=5,351, pkts=4, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:a3f08c1df1f5 | bytes=30,133, dst_ip=192.73.248.83, dst_port=443, pkts=96, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:c0b4f157e073 | bytes=121, dst_ip=34.111.31.13, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:dc8e0c394478 | bytes=410, dst_ip=192.168.1.1, dst_port=53, pkts=4, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:1fbee9feb06d | bytes=321, dst_ip=192.168.1.185, dst_port=51,146, pkts=5, proto=tcp, src_ip=104.18.1.62 | |
| flow | flow:d479ce3b7365 | bytes=141, dst_ip=192.168.1.185, dst_port=54,629, pkts=2, proto=tcp, src_ip=52.110.6.13 | |
| flow | flow:bf7a9427297d | bytes=1,621, dst_ip=192.168.1.1, dst_port=0, pkts=5, proto=icmp, src_ip=192.168.1.185 | |
| flow | flow:05b4e5b174c0 | bytes=3,585, dst_ip=192.168.1.185, dst_port=54,986, pkts=4, proto=tcp, src_ip=167.235.217.196 | |
| flow | flow:341692033057 | bytes=498, dst_ip=97.178.32.239, dst_port=41,641, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:5b983251f483 | bytes=1,002, dst_ip=192.168.1.185, dst_port=52,133, pkts=14, proto=tcp, src_ip=104.18.22.222 | |
| flow | flow:0c699e4ab5c4 | bytes=822, dst_ip=192.168.1.1, dst_port=53, pkts=6, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:d658b18ff560 | bytes=120, dst_ip=224.0.0.22, dst_port=0, pkts=2, proto=other, src_ip=192.168.1.165 | |
| flow | flow:bf8f4a131249 | bytes=498, dst_ip=172.17.0.1, dst_port=44,244, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:a912cd07306b | bytes=498, dst_ip=172.29.16.1, dst_port=41,641, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:c378386f9a22 | bytes=3,906, dst_ip=150.171.28.10, dst_port=443, pkts=11, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:65175f124256 | bytes=642, dst_ip=199.165.136.100, dst_port=443, pkts=4, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:7986b2093729 | bytes=11,687, dst_ip=104.18.32.47, dst_port=443, pkts=21, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:51a92af49050 | bytes=121, dst_ip=76.76.21.22, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:d84a13678d67 | bytes=8,541, dst_ip=142.250.113.95, dst_port=443, pkts=20, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:dd3dd13e1b60 | bytes=156, dst_ip=209.177.158.246, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:495f7c8d94fd | bytes=32,594, dst_ip=192.168.1.185, dst_port=43,844, pkts=115, proto=tcp, src_ip=209.177.156.94 | |
| flow | flow:e34282443dab | bytes=1,532, dst_ip=142.250.115.95, dst_port=443, pkts=11, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:1cae684ccaf1 | bytes=121, dst_ip=35.190.80.1, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:a42e7b1c53d5 | bytes=156, dst_ip=209.177.156.94, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:7be9da9aa76d | bytes=141,514, dst_ip=52.182.143.215, dst_port=443, pkts=90, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:60dd2a974649 | bytes=230, dst_ip=192.168.1.1, dst_port=5,351, pkts=4, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:65c7de267840 | bytes=218, dst_ip=192.168.1.1, dst_port=5,351, pkts=4, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:0380e0cd29dc | bytes=220, dst_ip=192.168.1.185, dst_port=52,640, pkts=3, proto=tcp, src_ip=104.18.39.21 | |
| flow | flow:f79c1639a1f7 | bytes=498, dst_ip=97.178.32.239, dst_port=11,130, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:f3b81336df74 | bytes=121, dst_ip=151.101.112.217, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:f19ee6508782 | bytes=220, dst_ip=192.168.1.185, dst_port=58,457, pkts=3, proto=tcp, src_ip=104.18.39.21 | |
| flow | flow:46f60ddc23a2 | bytes=2,087, dst_ip=192.168.1.1, dst_port=46,407, pkts=10, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:62d01d1bf747 | bytes=156, dst_ip=192.73.243.135, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:fdf049da8b14 | bytes=156, dst_ip=209.177.156.94, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:6fe67514daf4 | bytes=2,238, dst_ip=192.73.248.83, dst_port=443, pkts=13, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:3d20532e84ed | bytes=9,890, dst_ip=23.219.160.5, dst_port=443, pkts=40, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:919c57e90236 | bytes=8,434, dst_ip=142.250.115.95, dst_port=443, pkts=21, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:c44b4fd56f98 | bytes=298, dst_ip=192.168.1.185, dst_port=60,920, pkts=4, proto=udp, src_ip=216.239.32.223 | |
| flow | flow:137f07aaadb4 | bytes=498, dst_ip=97.178.32.239, dst_port=41,641, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:d83699920b5b | bytes=121, dst_ip=151.101.113.140, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:682d5368c69e | bytes=498, dst_ip=97.178.32.239, dst_port=1,050, pkts=3, proto=udp, src_ip=192.168.1.185 | |
| flow | flow:eb3b47352f67 | bytes=121, dst_ip=151.101.113.140, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:9aa8161296f7 | bytes=660, dst_ip=199.165.136.100, dst_port=443, pkts=3, proto=tcp, src_ip=192.168.1.185 | |
| flow | flow:5a246bdf60e4 | bytes=121, dst_ip=135.234.174.40, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185 | |
| geo_point | geo_34.05440_-118.24400 | city=Los Angeles, country=US | [34.0544, -118.2440, 0.0000] |
| geo_point | geo_29.42270_-98.49270 | city=San Antonio, country=US | [29.4227, -98.4927, 0.0000] |
| geo_point | geo_29.75390_-95.35900 | city=Houston, country=US | [29.7539, -95.3590, 0.0000] |
| geo_point | geo_34.02330_-117.85120 | city=Walnut, country=US | [34.0233, -117.8512, 0.0000] |
| geo_point | geo_38.70950_-78.15390 | city=Washington, country=US | [38.7095, -78.1539, 0.0000] |
| geo_point | geo_41.88350_-87.63050 | city=Chicago, country=US | [41.8835, -87.6305, 0.0000] |
| geo_point | geo_37.75100_-97.82200 | city=, country=US | [37.7510, -97.8220, 0.0000] |
| geo_point | geo_43.63190_-79.37160 | city=, country=CA | [43.6319, -79.3716, 0.0000] |
| geo_point | geo_36.66940_-78.38770 | city=Boydton, country=US | [36.6694, -78.3877, 0.0000] |
| geo_point | geo_29.82840_-95.46960 | city=Houston, country=US | [29.8284, -95.4696, 0.0000] |
| geo_point | geo_39.10270_-94.57780 | city=Kansas City, country=US | [39.1027, -94.5778, 0.0000] |
| geo_point | geo_32.77970_-96.80220 | city=Dallas, country=US | [32.7797, -96.8022, 0.0000] |
| geo_point | geo_50.47770_12.36490 | city=Falkenstein, country=DE | [50.4777, 12.3649, 0.0000] |
| geo_point | geo_41.60150_-93.61270 | city=Des Moines, country=US | [41.6015, -93.6127, 0.0000] |
| geo_point | geo_25.77010_-80.19280 | city=Miami, country=US | [25.7701, -80.1928, 0.0000] |
| host | host:104.18.39.21 | bytes=220, ip=104.18.39.21 | |
| host | host:52.182.143.215 | bytes=141,514, city=Des Moines, country=US, ip=52.182.143.215, org=Microsoft Corporation | [41.6015, -93.6127, 0.0000] |
| host | host:104.18.23.222 | bytes=13,297, ip=104.18.23.222 | |
| host | host:52.110.6.13 | bytes=141, city=San Antonio, country=US, ip=52.110.6.13, org=Microsoft Corporation | [29.4227, -98.4927, 0.0000] |
| host | host:104.18.1.62 | bytes=321, ip=104.18.1.62 | |
| host | host:192.168.1.165 | bytes=120, ip=192.168.1.165 | |
| host | host:216.24.57.251 | bytes=228, city=, country=US, ip=216.24.57.251, org=Render | [37.7510, -97.8220, 0.0000] |
| host | host:167.235.217.196 | bytes=3,585, city=Falkenstein, country=DE, ip=167.235.217.196, org=Hetzner Online GmbH | [50.4777, 12.3649, 0.0000] |
| host | host:13.107.226.57 | bytes=121, city=, country=US, ip=13.107.226.57, org=Microsoft Corporation | [37.7510, -97.8220, 0.0000] |
| host | host:97.178.32.239 | bytes=3,492, city=Houston, country=US, ip=97.178.32.239, org=Verizon Business | [29.8284, -95.4696, 0.0000] |
| host | host:192.200.0.112 | bytes=1,924, city=, country=CA, ip=192.200.0.112, org=Amazon.com, Inc. | [43.6319, -79.3716, 0.0000] |
| host | host:23.219.160.5 | bytes=9,890, city=Houston, country=US, ip=23.219.160.5, org=Akamai International B.V. | [29.7539, -95.3590, 0.0000] |
| host | host:192.168.1.1 | bytes=2,087, ip=192.168.1.1 | |
| host | host:162.159.128.61 | bytes=321, ip=162.159.128.61 | |
| host | host:172.18.0.1 | bytes=498, ip=172.18.0.1 | |
| host | host:23.213.232.172 | bytes=306, city=Dallas, country=US, ip=23.213.232.172, org=Akamai International B.V. | [32.7797, -96.8022, 0.0000] |
| host | host:151.101.114.172 | bytes=893, city=Dallas, country=US, ip=151.101.114.172, org=Fastly, Inc. | [32.7797, -96.8022, 0.0000] |
| host | host:192.73.243.135 | bytes=156, city=Miami, country=US, ip=192.73.243.135, org=NetActuate, Inc | [25.7701, -80.1928, 0.0000] |
| host | host:216.239.32.223 | bytes=298, city=, country=US, ip=216.239.32.223, org=Google LLC | [37.7510, -97.8220, 0.0000] |
| host | host:192.73.244.245 | bytes=156, city=Los Angeles, country=US, ip=192.73.244.245, org=NetActuate, Inc | [34.0544, -118.2440, 0.0000] |
| host | host:172.19.0.1 | bytes=498, ip=172.19.0.1 | |
| host | host:172.64.151.22 | bytes=321, ip=172.64.151.22 | |
| host | host:135.234.174.40 | bytes=121, city=Washington, country=US, ip=135.234.174.40, org=Microsoft Corporation | [38.7095, -78.1539, 0.0000] |
| host | host:216.24.57.7 | bytes=228, city=, country=US, ip=216.24.57.7, org=Render | [37.7510, -97.8220, 0.0000] |
| host | host:104.18.36.216 | bytes=321, ip=104.18.36.216 | |
| host | host:150.171.28.10 | bytes=121, city=, country=US, ip=150.171.28.10, org=Microsoft Corporation | [37.7510, -97.8220, 0.0000] |
| host | host:209.177.158.246 | bytes=156, city=Chicago, country=US, ip=209.177.158.246, org=NetActuate, Inc | [41.8835, -87.6305, 0.0000] |
| host | host:192.168.1.185 | bytes=3,585, ip=192.168.1.185 | |
| host | host:104.18.32.47 | bytes=11,687, ip=104.18.32.47 | |
| host | host:104.208.203.89 | bytes=441, city=Boydton, country=US, ip=104.208.203.89, org=Microsoft Corporation | [36.6694, -78.3877, 0.0000] |
| host | host:34.111.31.13 | bytes=121, city=Kansas City, country=US, ip=34.111.31.13, org=Google LLC | [39.1027, -94.5778, 0.0000] |
| host | host:104.18.22.222 | bytes=1,002, ip=104.18.22.222 | |
| host | host:199.165.136.100 | bytes=1,951, city=, country=CA, ip=199.165.136.100, org=Amazon.com, Inc. | [43.6319, -79.3716, 0.0000] |
| host | host:151.101.113.140 | bytes=121, city=Dallas, country=US, ip=151.101.113.140, org=Fastly, Inc. | [32.7797, -96.8022, 0.0000] |
| host | host:142.250.113.95 | bytes=8,541, city=, country=US, ip=142.250.113.95, org=Google LLC | [37.7510, -97.8220, 0.0000] |
| host | host:142.250.115.95 | bytes=1,532, city=, country=US, ip=142.250.115.95, org=Google LLC | [37.7510, -97.8220, 0.0000] |
| host | host:172.29.16.1 | bytes=498, ip=172.29.16.1 | |
| host | host:224.0.0.22 | bytes=120, ip=224.0.0.22 | |
| host | host:192.73.248.83 | bytes=30,133, city=Dallas, country=US, ip=192.73.248.83, org=NetActuate, Inc | [32.7797, -96.8022, 0.0000] |
| host | host:172.17.0.1 | bytes=498, ip=172.17.0.1 | |
| host | host:151.101.112.217 | bytes=121, city=Dallas, country=US, ip=151.101.112.217, org=Fastly, Inc. | [32.7797, -96.8022, 0.0000] |
| host | host:76.76.21.22 | bytes=121, city=Walnut, country=US, ip=76.76.21.22, org=Amazon.com, Inc. | [34.0233, -117.8512, 0.0000] |
| host | host:20.62.59.32 | bytes=422, city=Boydton, country=US, ip=20.62.59.32, org=Microsoft Corporation | [36.6694, -78.3877, 0.0000] |
| host | host:209.177.156.94 | bytes=156, city=Dallas, country=US, ip=209.177.156.94, org=NetActuate, Inc | [32.7797, -96.8022, 0.0000] |
| host | host:35.190.80.1 | bytes=121, city=, country=US, ip=35.190.80.1, org=Google LLC | [37.7510, -97.8220, 0.0000] |
| http_host | http_host:ctldl.windowsupdate.com | host=ctldl.windowsupdate.com | |
| org | org:Akamai International B.V. | name=Akamai International B.V. | |
| org | org:Fastly, Inc. | name=Fastly, Inc. | |
| org | org:Hetzner Online GmbH | name=Hetzner Online GmbH | |
| org | org:Amazon.com, Inc. | name=Amazon.com, Inc. | |
| org | org:Render | name=Render | |
| org | org:Google LLC | name=Google LLC | |
| org | org:NetActuate, Inc | name=NetActuate, Inc | |
| org | org:Microsoft Corporation | name=Microsoft Corporation | |
| org | org:Verizon Business | name=Verizon Business | |
| pcap_artifact | PCAP:cap_05182026_430pmCST:aee251eecdd8 | file_size=363,452, filename=cap_05182026_430pmCST.pcapng, ingested_at=2026-05-18T21:41:28.697945+00:00 | |
| port_hub | port:udp:5351 | port=5,351, proto=udp | |
| port_hub | port:tcp:61509 | port=61,509, proto=tcp | |
| port_hub | port:udp:3478 | port=3,478, proto=udp | |
| port_hub | port:tcp:58457 | port=58,457, proto=tcp | |
| port_hub | port:udp:60920 | port=60,920, proto=udp | |
| port_hub | port:tcp:55880 | port=55,880, proto=tcp | |
| port_hub | port:tcp:54629 | port=54,629, proto=tcp | |
| port_hub | port:tcp:443 | port=443, proto=tcp | |
| port_hub | port:udp:443 | port=443, proto=udp | |
| port_hub | port:udp:41641 | port=41,641, proto=udp | |
| port_hub | port:tcp:52640 | port=52,640, proto=tcp | |
| port_hub | port:tcp:51146 | port=51,146, proto=tcp | |
| port_hub | port:tcp:51966 | port=51,966, proto=tcp | |
| port_hub | port:tcp:52133 | port=52,133, proto=tcp | |
| port_hub | port:tcp:80 | port=80, proto=tcp | |
| port_hub | port:tcp:58631 | port=58,631, proto=tcp | |
| port_hub | port:tcp:54986 | port=54,986, proto=tcp | |
| port_hub | port:udp:31036 | port=31,036, proto=udp | |
| port_hub | port:udp:52243 | port=52,243, proto=udp | |
| port_hub | port:tcp:62104 | port=62,104, proto=tcp | |
| port_hub | port:udp:44244 | port=44,244, proto=udp | |
| port_hub | port:udp:1050 | port=1,050, proto=udp | |
| port_hub | port:tcp:51049 | port=51,049, proto=tcp | |
| port_hub | port:tcp:46407 | port=46,407, proto=tcp | |
| port_hub | port:tcp:43844 | port=43,844, proto=tcp | |
| port_hub | port:tcp:51645 | port=51,645, proto=tcp | |
| port_hub | port:udp:11130 | port=11,130, proto=udp | |
| port_hub | port:udp:53 | port=53, proto=udp | |
| protocol_event | pe:dns:SESSION-58f9cafe500f64ad | event_type=DNS_EXCHANGE, query_count=14, session=SESSION-58f9cafe500f64ad | |
| protocol_event | pe:tls:SESSION-b7d90a2138968fa3 | event_type=TLS_SESSION, packet_count=115, session=SESSION-b7d90a2138968fa3 | |
| protocol_event | pe:tls:SESSION-de97a19f0937505c | event_type=TLS_SESSION, packet_count=5, session=SESSION-de97a19f0937505c | |
| protocol_event | pe:tls:SESSION-e53f703ab7b48a77 | event_type=TLS_SESSION, packet_count=3, session=SESSION-e53f703ab7b48a77 | |
| protocol_event | pe:tls:SESSION-5673cdc8e15ecc28 | event_type=TLS_SESSION, packet_count=5, session=SESSION-5673cdc8e15ecc28 | |
| protocol_event | pe:tls:SESSION-05305b96b26cdffd | event_type=TLS_SESSION, packet_count=3, session=SESSION-05305b96b26cdffd | |
| protocol_event | pe:tls:SESSION-787a71cfd2c6f769 | event_type=TLS_SESSION, packet_count=5, session=SESSION-787a71cfd2c6f769 | |
| protocol_event | pe:tls:SESSION-e565a4fbf5cff09b | event_type=TLS_SESSION, packet_count=13, session=SESSION-e565a4fbf5cff09b | |
| protocol_event | pe:tls:SESSION-934baa2aae663ceb | event_type=TLS_SESSION, packet_count=2, session=SESSION-934baa2aae663ceb | |
| protocol_event | pe:tls:SESSION-cbcc97483386b4f3 | event_type=TLS_SESSION, packet_count=21, session=SESSION-cbcc97483386b4f3 | |
| protocol_event | pe:tls:SESSION-c8f5f362e7c0c5c8 | event_type=TLS_SESSION, packet_count=3, session=SESSION-c8f5f362e7c0c5c8 | |
| protocol_event | pe:tls:SESSION-2014bf32e6dab59e | event_type=TLS_SESSION, packet_count=2, session=SESSION-2014bf32e6dab59e | |
| protocol_event | pe:tls:SESSION-99947e3aab494326 | event_type=TLS_SESSION, packet_count=2, session=SESSION-99947e3aab494326 | |
| protocol_event | pe:tls:SESSION-055fd962754012c2 | event_type=TLS_SESSION, packet_count=4, session=SESSION-055fd962754012c2 | |
| protocol_event | pe:tls:SESSION-9c845bfb2b534b59 | event_type=TLS_SESSION, packet_count=11, session=SESSION-9c845bfb2b534b59 | |
| protocol_event | pe:tls:SESSION-bc4350b5c6d66f3f | event_type=TLS_SESSION, packet_count=2, session=SESSION-bc4350b5c6d66f3f | |
| protocol_event | pe:tls:SESSION-184b3698d564c9c7 | event_type=TLS_SESSION, packet_count=3, session=SESSION-184b3698d564c9c7 | |
| protocol_event | pe:syn:SESSION-06fade4febc8462c | count=2, event_type=TCP_SYN, session=SESSION-06fade4febc8462c | |
| protocol_event | pe:syn:SESSION-81e5b5be161de125 | count=2, event_type=TCP_SYN, session=SESSION-81e5b5be161de125 | |
| protocol_event | pe:syn:SESSION-9b68d4601d0ccd30 | count=2, event_type=TCP_SYN, session=SESSION-9b68d4601d0ccd30 | |
| protocol_event | pe:dns:SESSION-68666b77cce29d40 | event_type=DNS_EXCHANGE, query_count=6, session=SESSION-68666b77cce29d40 | |
| protocol_event | pe:tls:SESSION-36cd4459caa078a9 | event_type=TLS_SESSION, packet_count=2, session=SESSION-36cd4459caa078a9 | |
| protocol_event | pe:tls:SESSION-e881aa680da5dbf3 | event_type=TLS_SESSION, packet_count=2, session=SESSION-e881aa680da5dbf3 | |
| protocol_event | pe:syn:SESSION-8394aca80c2a0790 | count=2, event_type=TCP_SYN, session=SESSION-8394aca80c2a0790 | |
| protocol_event | pe:tls:SESSION-65a9e51617aa2712 | event_type=TLS_SESSION, packet_count=6, session=SESSION-65a9e51617aa2712 | |
| protocol_event | pe:tls:SESSION-9dab8edd40d14d9d | event_type=TLS_SESSION, packet_count=3, session=SESSION-9dab8edd40d14d9d | |
| protocol_event | pe:tls:SESSION-348feef1c6ca6285 | event_type=TLS_SESSION, packet_count=2, session=SESSION-348feef1c6ca6285 | |
| protocol_event | pe:dns:SESSION-08bfd8721a383a39 | event_type=DNS_EXCHANGE, query_count=4, session=SESSION-08bfd8721a383a39 | |
| protocol_event | pe:tls:SESSION-7b2b00e0ceb88c09 | event_type=TLS_SESSION, packet_count=6, session=SESSION-7b2b00e0ceb88c09 | |
| protocol_event | pe:tls:SESSION-741380b5a9a3a6c7 | event_type=TLS_SESSION, packet_count=5, session=SESSION-741380b5a9a3a6c7 | |
| protocol_event | pe:syn:SESSION-83d0b20751c23f69 | count=2, event_type=TCP_SYN, session=SESSION-83d0b20751c23f69 | |
| protocol_event | pe:tls:SESSION-e6ad21d692182871 | event_type=TLS_SESSION, packet_count=25, session=SESSION-e6ad21d692182871 | |
| protocol_event | pe:tls:SESSION-8394aca80c2a0790 | event_type=TLS_SESSION, packet_count=90, session=SESSION-8394aca80c2a0790 | |
| protocol_event | pe:tls:SESSION-04dc5a38b6cabcef | event_type=TLS_SESSION, packet_count=4, session=SESSION-04dc5a38b6cabcef | |
| protocol_event | pe:tls:SESSION-8fd6ad39adf47a18 | event_type=TLS_SESSION, packet_count=5, session=SESSION-8fd6ad39adf47a18 | |
| protocol_event | pe:syn:SESSION-21bfec774060aafb | count=2, event_type=TCP_SYN, session=SESSION-21bfec774060aafb | |
| protocol_event | pe:tls:SESSION-a019cb392bc23a7a | event_type=TLS_SESSION, packet_count=4, session=SESSION-a019cb392bc23a7a | |
| protocol_event | pe:tls:SESSION-0e59fb5fe4c720df | event_type=TLS_SESSION, packet_count=15, session=SESSION-0e59fb5fe4c720df | |
| protocol_event | pe:tls:SESSION-d146af26ba988e06 | event_type=TLS_SESSION, packet_count=18, session=SESSION-d146af26ba988e06 | |
| protocol_event | pe:syn:SESSION-cbcc97483386b4f3 | count=2, event_type=TCP_SYN, session=SESSION-cbcc97483386b4f3 | |
| protocol_event | pe:tls:SESSION-06fade4febc8462c | event_type=TLS_SESSION, packet_count=21, session=SESSION-06fade4febc8462c | |
| protocol_event | pe:tls:SESSION-9c85e6a530e7f20f | event_type=TLS_SESSION, packet_count=5, session=SESSION-9c85e6a530e7f20f | |
| protocol_event | pe:tls:SESSION-200a1edeb5081c1b | event_type=TLS_SESSION, packet_count=2, session=SESSION-200a1edeb5081c1b | |
| protocol_event | pe:tls:SESSION-b7338ba843b2dafa | event_type=TLS_SESSION, packet_count=96, session=SESSION-b7338ba843b2dafa | |
| protocol_event | pe:tls:SESSION-dabcbf693ac9fbef | event_type=TLS_SESSION, packet_count=2, session=SESSION-dabcbf693ac9fbef | |
| protocol_event | pe:tls:SESSION-423d6f8fa2a9f7bc | event_type=TLS_SESSION, packet_count=5, session=SESSION-423d6f8fa2a9f7bc | |
| protocol_event | pe:tls:SESSION-502ccca87ddbbb24 | event_type=TLS_SESSION, packet_count=2, session=SESSION-502ccca87ddbbb24 | |
| protocol_event | pe:tls:SESSION-441bb1af5ec88ffb | event_type=TLS_SESSION, packet_count=2, session=SESSION-441bb1af5ec88ffb | |
| protocol_event | pe:syn:SESSION-d146af26ba988e06 | count=2, event_type=TCP_SYN, session=SESSION-d146af26ba988e06 | |
| protocol_event | pe:tls:SESSION-ea1d23994577309a | event_type=TLS_SESSION, packet_count=14, session=SESSION-ea1d23994577309a | |
| protocol_event | pe:tls:SESSION-c4d9c40a7fec56be | event_type=TLS_SESSION, packet_count=2, session=SESSION-c4d9c40a7fec56be | |
| protocol_event | pe:tls:SESSION-fa034e5132aecf5b | event_type=TLS_SESSION, packet_count=2, session=SESSION-fa034e5132aecf5b | |
| service | svc:https | name=https | |
| service | svc:dns | name=dns | |
| service | svc:http | name=http | |
| session | SESSION-e53f703ab7b48a77 | dst_ip=199.165.136.100, dst_port=443, duration_sec=0.08, end_time=1,779,139,830.569, expected_protocol=https, packet_count=3, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=45,590, start_time=1,779,139,830.489, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=660, window_sec=30 | |
| session | SESSION-83d0b20751c23f69 | dst_ip=192.168.1.1, dst_port=46,407, duration_sec=0.02, end_time=1,779,139,815.162, expected_protocol=unregistered:46407, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=45,124, start_time=1,779,139,815.137, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=1,782, window_sec=30 | |
| session | SESSION-9dab8edd40d14d9d | dst_ip=192.168.1.185, dst_port=58,457, duration_sec=0.04, end_time=1,779,139,831.127, expected_protocol=unregistered:58457, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.39.21, src_port=443, start_time=1,779,139,831.082, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=220, window_sec=30 | |
| session | SESSION-e6729d0ebc579395 | dst_ip=97.178.32.239, dst_port=41,641, duration_sec=10.55, end_time=1,779,139,824.498, expected_protocol=unregistered:41641, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,813.948, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-2014bf32e6dab59e | dst_ip=151.101.113.140, dst_port=443, duration_sec=0.03, end_time=1,779,139,829.188, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=61,648, start_time=1,779,139,829.157, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| session | SESSION-200a1edeb5081c1b | dst_ip=192.168.1.185, dst_port=54,629, duration_sec=0.05, end_time=1,779,139,824.265, expected_protocol=unregistered:54629, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=52.110.6.13, src_port=443, start_time=1,779,139,824.216, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=141, window_sec=30 | |
| session | SESSION-604f49b2ccac8492 | dst_ip=97.178.32.239, dst_port=52,243, duration_sec=10.55, end_time=1,779,139,824.457, expected_protocol=unregistered:52243, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-5419af02605f5da4 | dst_ip=97.178.32.239, dst_port=41,641, duration_sec=10.55, end_time=1,779,139,824.457, expected_protocol=unregistered:41641, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-741380b5a9a3a6c7 | dst_ip=192.168.1.185, dst_port=62,104, duration_sec=0.03, end_time=1,779,139,825.023, expected_protocol=unregistered:62104, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.64.151.22, src_port=443, start_time=1,779,139,824.993, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=321, window_sec=30 | |
| session | SESSION-184b3698d564c9c7 | dst_ip=192.168.1.185, dst_port=58,631, duration_sec=0.03, end_time=1,779,139,818.715, expected_protocol=unregistered:58631, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=216.24.57.7, src_port=443, start_time=1,779,139,818.689, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=228, window_sec=30 | |
| session | SESSION-e565a4fbf5cff09b | dst_ip=192.73.248.83, dst_port=443, duration_sec=0.77, end_time=1,779,139,832.674, expected_protocol=https, packet_count=13, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=49,982, start_time=1,779,139,831.906, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=2,238, window_sec=30 | |
| session | SESSION-858ec5d25a7b6232 | dst_ip=97.178.32.239, dst_port=11,130, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:11130, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-bcd07bc8e00bd126 | dst_ip=209.177.158.246, dst_port=3,478, duration_sec=0.05, end_time=1,779,139,814.853, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,814.8, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30 | |
| session | SESSION-c4d9c40a7fec56be | dst_ip=135.234.174.40, dst_port=443, duration_sec=0.06, end_time=1,779,139,824.108, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=51,136, start_time=1,779,139,824.046, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| session | SESSION-8fd6ad39adf47a18 | dst_ip=192.168.1.185, dst_port=55,880, duration_sec=0.03, end_time=1,779,139,823.793, expected_protocol=unregistered:55880, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.36.216, src_port=443, start_time=1,779,139,823.759, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=321, window_sec=30 | |
| session | SESSION-9c845bfb2b534b59 | dst_ip=150.171.28.10, dst_port=443, duration_sec=0.19, end_time=1,779,139,833.641, expected_protocol=https, packet_count=11, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=62,432, start_time=1,779,139,833.456, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=3,906, window_sec=30 | |
| session | SESSION-329be171c0b80b92 | dst_ip=172.29.16.1, dst_port=41,641, duration_sec=10.55, end_time=1,779,139,824.498, expected_protocol=unregistered:41641, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,813.948, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-787a71cfd2c6f769 | dst_ip=192.168.1.185, dst_port=61,509, duration_sec=0.04, end_time=1,779,139,823.853, expected_protocol=unregistered:61509, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=162.159.128.61, src_port=443, start_time=1,779,139,823.808, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=321, window_sec=30 | |
| session | SESSION-a019cb392bc23a7a | dst_ip=199.165.136.100, dst_port=443, duration_sec=0.17, end_time=1,779,139,831.279, expected_protocol=https, packet_count=4, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=57,514, start_time=1,779,139,831.111, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=642, window_sec=30 | |
| session | SESSION-81e5b5be161de125 | dst_ip=151.101.114.172, dst_port=80, duration_sec=0.15, end_time=1,779,139,820.515, expected_protocol=http, packet_count=7, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=57,908, start_time=1,779,139,820.368, tcp_flags=S,P,A, time_bucket=1,779,139,800, total_bytes=893, window_sec=30 | |
| session | SESSION-f32643b41a201d5b | dst_ip=209.177.158.246, dst_port=3,478, duration_sec=0.05, end_time=1,779,139,827.583, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,827.529, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30 | |
| session | SESSION-c8f5f362e7c0c5c8 | dst_ip=192.168.1.185, dst_port=51,049, duration_sec=0.04, end_time=1,779,139,828.252, expected_protocol=unregistered:51049, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=216.24.57.251, src_port=443, start_time=1,779,139,828.217, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=228, window_sec=30 | |
| session | SESSION-423d6f8fa2a9f7bc | dst_ip=192.168.1.185, dst_port=51,966, duration_sec=0.03, end_time=1,779,139,828.883, expected_protocol=unregistered:51966, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=23.213.232.172, src_port=443, start_time=1,779,139,828.857, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=306, window_sec=30 | |
| session | SESSION-b7d90a2138968fa3 | dst_ip=192.168.1.185, dst_port=43,844, duration_sec=14.67, end_time=1,779,139,828.613, expected_protocol=unregistered:43844, packet_count=115, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=209.177.156.94, src_port=443, start_time=1,779,139,813.948, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=32,594, window_sec=30 | |
| session | SESSION-e66fd8e05921da5d | dst_ip=172.18.0.1, dst_port=44,244, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:44244, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-36cd4459caa078a9 | dst_ip=135.234.174.40, dst_port=443, duration_sec=0.07, end_time=1,779,139,827.293, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=51,820, start_time=1,779,139,827.225, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| session | SESSION-e881aa680da5dbf3 | dst_ip=151.101.112.217, dst_port=443, duration_sec=0.04, end_time=1,779,139,829.598, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=50,174, start_time=1,779,139,829.56, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| session | SESSION-7dbcb4428a9e5e71 | dst_ip=209.177.156.94, dst_port=3,478, duration_sec=0.04, end_time=1,779,139,814.838, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,814.8, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30 | |
| session | SESSION-1f115942b61afe54 | dst_ip=192.73.244.245, dst_port=3,478, duration_sec=0.07, end_time=1,779,139,827.597, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,827.529, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30 | |
| session | SESSION-1ea83345da6e2df0 | dst_ip=224.0.0.22, duration_sec=0.13, end_time=1,779,139,833.109, expected_protocol=unregistered:0, packet_count=2, proto=OTHER, protocol_anomaly_score=0, protocol_violations=, protocols=OTHER, src_ip=192.168.1.165, start_time=1,779,139,832.977, tcp_flags=, time_bucket=1,779,139,830, total_bytes=120, window_sec=30 | |
| session | SESSION-0e59fb5fe4c720df | dst_ip=192.168.1.185, dst_port=43,844, duration_sec=0.69, end_time=1,779,139,832.637, expected_protocol=unregistered:43844, packet_count=15, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=209.177.156.94, src_port=443, start_time=1,779,139,831.947, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=2,508, window_sec=30 | |
| session | SESSION-65a9e51617aa2712 | dst_ip=199.165.136.100, dst_port=443, duration_sec=4.53, end_time=1,779,139,821.588, expected_protocol=https, packet_count=6, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=45,590, start_time=1,779,139,817.062, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=1,951, window_sec=30 | |
| session | SESSION-e86e0a049372cc85 | dst_ip=142.250.113.95, dst_port=443, duration_sec=0.33, end_time=1,779,139,821.155, expected_protocol=quic, packet_count=20, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=55,836, start_time=1,779,139,820.821, tcp_flags=, time_bucket=1,779,139,800, total_bytes=8,541, window_sec=30 | |
| session | SESSION-f8dc5b0051ee4914 | dst_ip=192.168.1.1, duration_sec=12.77, end_time=1,779,139,827.691, expected_protocol=unregistered:0, packet_count=5, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=192.168.1.185, start_time=1,779,139,814.917, tcp_flags=, time_bucket=1,779,139,800, total_bytes=1,621, window_sec=30 | |
| session | SESSION-8c7ddbb6fe26a9a9 | dst_ip=192.168.1.185, dst_port=60,920, duration_sec=10.01, end_time=1,779,139,829.032, expected_protocol=unregistered:60920, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=216.239.32.223, src_port=443, start_time=1,779,139,819.023, tcp_flags=, time_bucket=1,779,139,800, total_bytes=298, window_sec=30 | |
| session | SESSION-68666b77cce29d40 | dst_ip=192.168.1.1, dst_port=53, duration_sec=4.54, end_time=1,779,139,820.366, expected_protocol=dns, packet_count=6, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=59,921, start_time=1,779,139,815.826, tcp_flags=, time_bucket=1,779,139,800, total_bytes=822, window_sec=30 | |
| session | SESSION-06fade4febc8462c | dst_ip=104.18.23.222, dst_port=443, duration_sec=0.42, end_time=1,779,139,827.943, expected_protocol=https, packet_count=21, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=51,621, start_time=1,779,139,827.526, tcp_flags=S,P,A, time_bucket=1,779,139,800, total_bytes=13,297, window_sec=30 | |
| session | SESSION-e6ad21d692182871 | dst_ip=199.165.136.100, dst_port=443, duration_sec=15.84, end_time=1,779,139,829.575, expected_protocol=https, packet_count=25, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=57,514, start_time=1,779,139,813.737, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=5,086, window_sec=30 | |
| session | SESSION-08bfd8721a383a39 | dst_ip=192.168.1.1, dst_port=53, duration_sec=0.18, end_time=1,779,139,833.635, expected_protocol=dns, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=55,743, start_time=1,779,139,833.456, tcp_flags=, time_bucket=1,779,139,830, total_bytes=410, window_sec=30 | |
| session | SESSION-e5c653feb7de823f | dst_ip=192.73.243.135, dst_port=3,478, duration_sec=0.06, end_time=1,779,139,814.863, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,814.8, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30 | |
| session | SESSION-441bb1af5ec88ffb | dst_ip=76.76.21.22, dst_port=443, duration_sec=0.03, end_time=1,779,139,829.733, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=58,156, start_time=1,779,139,829.699, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| session | SESSION-8394aca80c2a0790 | dst_ip=52.182.143.215, dst_port=443, duration_sec=2.1, end_time=1,779,139,828.097, expected_protocol=https, packet_count=90, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=61,094, start_time=1,779,139,825.992, tcp_flags=S,P,A, time_bucket=1,779,139,800, total_bytes=141,514, window_sec=30 | |
| session | SESSION-3cb87513d2c7904f | dst_ip=192.168.1.1, dst_port=5,351, duration_sec=0.02, end_time=1,779,139,827.562, expected_protocol=unregistered:5351, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=65,065, start_time=1,779,139,827.538, tcp_flags=, time_bucket=1,779,139,800, total_bytes=230, window_sec=30 | |
| session | SESSION-21bfec774060aafb | dst_ip=192.168.1.1, dst_port=46,407, duration_sec=0.07, end_time=1,779,139,815.138, expected_protocol=unregistered:46407, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=45,114, start_time=1,779,139,815.064, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=2,087, window_sec=30 | |
| session | SESSION-7bf53771cd98ec17 | dst_ip=192.168.1.1, dst_port=5,351, duration_sec=0.13, end_time=1,779,139,814.917, expected_protocol=unregistered:5351, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=45,439, start_time=1,779,139,814.79, tcp_flags=, time_bucket=1,779,139,800, total_bytes=218, window_sec=30 | |
| session | SESSION-04dc5a38b6cabcef | dst_ip=192.168.1.185, dst_port=54,986, duration_sec=0, end_time=1,779,139,828.507, expected_protocol=unregistered:54986, packet_count=4, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=167.235.217.196, src_port=443, start_time=1,779,139,828.503, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=3,585, window_sec=30 | |
| session | SESSION-1065a64ded6cc44c | dst_ip=172.19.0.1, dst_port=44,244, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:44244, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-e0cdf80170e46e9e | dst_ip=142.250.115.95, dst_port=443, duration_sec=0.16, end_time=1,779,139,821.998, expected_protocol=quic, packet_count=21, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=59,475, start_time=1,779,139,821.843, tcp_flags=, time_bucket=1,779,139,800, total_bytes=8,434, window_sec=30 | |
| session | SESSION-055fd962754012c2 | dst_ip=104.208.203.89, dst_port=443, duration_sec=0.34, end_time=1,779,139,828.283, expected_protocol=https, packet_count=4, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=64,727, start_time=1,779,139,827.941, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=441, window_sec=30 | |
| session | SESSION-86bc6b9e53c222b0 | dst_ip=23.219.160.5, dst_port=443, duration_sec=1.45, end_time=1,779,139,815.348, expected_protocol=quic, packet_count=3, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=62,877, start_time=1,779,139,813.899, tcp_flags=, time_bucket=1,779,139,800, total_bytes=245, window_sec=30 | |
| session | SESSION-5673cdc8e15ecc28 | dst_ip=192.168.1.185, dst_port=54,986, duration_sec=0, end_time=1,779,139,830.263, expected_protocol=unregistered:54986, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=167.235.217.196, src_port=443, start_time=1,779,139,830.263, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=4,440, window_sec=30 | |
| session | SESSION-99947e3aab494326 | dst_ip=192.168.1.185, dst_port=51,645, duration_sec=0.05, end_time=1,779,139,832.907, expected_protocol=unregistered:51645, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.200.0.112, src_port=443, start_time=1,779,139,832.858, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=193, window_sec=30 | |
| session | SESSION-de97a19f0937505c | dst_ip=192.168.1.185, dst_port=51,146, duration_sec=0.05, end_time=1,779,139,823.88, expected_protocol=unregistered:51146, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.1.62, src_port=443, start_time=1,779,139,823.833, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=321, window_sec=30 | |
| session | SESSION-cbcc97483386b4f3 | dst_ip=104.18.32.47, dst_port=443, duration_sec=4.56, end_time=1,779,139,820.41, expected_protocol=https, packet_count=21, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=46,474, start_time=1,779,139,815.852, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=11,687, window_sec=30 | |
| session | SESSION-9b68d4601d0ccd30 | dst_ip=192.168.1.1, dst_port=46,407, duration_sec=0, end_time=1,779,139,815.064, expected_protocol=unregistered:46407, packet_count=12, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=45,112, start_time=1,779,139,815.061, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=4,269, window_sec=30 | |
| session | SESSION-fa034e5132aecf5b | dst_ip=13.107.226.57, dst_port=443, duration_sec=0.05, end_time=1,779,139,825.808, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=65,238, start_time=1,779,139,825.755, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| session | SESSION-dabcbf693ac9fbef | dst_ip=150.171.28.10, dst_port=443, duration_sec=0.05, end_time=1,779,139,816.663, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=62,432, start_time=1,779,139,816.617, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| session | SESSION-58f9cafe500f64ad | dst_ip=192.168.1.1, dst_port=53, duration_sec=11.67, end_time=1,779,139,827.523, expected_protocol=dns, packet_count=14, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=55,743, start_time=1,779,139,815.85, tcp_flags=, time_bucket=1,779,139,800, total_bytes=1,712, window_sec=30 | |
| session | SESSION-d7f6ed06cf3ab18b | dst_ip=192.168.1.185, duration_sec=0.04, end_time=1,779,139,831.948, expected_protocol=unregistered:0, packet_count=6, proto=ICMP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=ICMP, src_ip=97.178.32.239, start_time=1,779,139,831.907, tcp_flags=, time_bucket=1,779,139,830, total_bytes=1,164, window_sec=30 | |
| session | SESSION-934baa2aae663ceb | dst_ip=151.101.113.140, dst_port=443, duration_sec=0.05, end_time=1,779,139,829.427, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=60,726, start_time=1,779,139,829.374, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| session | SESSION-e25097cf84c7b988 | dst_ip=97.178.32.239, dst_port=1,050, duration_sec=10.55, end_time=1,779,139,824.457, expected_protocol=unregistered:1050, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-9c85e6a530e7f20f | dst_ip=192.200.0.112, dst_port=443, duration_sec=0.17, end_time=1,779,139,815.353, expected_protocol=https, packet_count=5, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=44,420, start_time=1,779,139,815.185, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=1,924, window_sec=30 | |
| session | SESSION-1835bee014d5b0b3 | dst_ip=172.17.0.1, dst_port=44,244, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:44244, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-4cf06bd9f9c07bb4 | dst_ip=97.178.32.239, dst_port=31,036, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:31036, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30 | |
| session | SESSION-22420a928847cfad | dst_ip=192.168.1.1, dst_port=5,351, duration_sec=0.13, end_time=1,779,139,814.936, expected_protocol=unregistered:5351, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=45,706, start_time=1,779,139,814.81, tcp_flags=, time_bucket=1,779,139,800, total_bytes=230, window_sec=30 | |
| session | SESSION-b7338ba843b2dafa | dst_ip=192.73.248.83, dst_port=443, duration_sec=14.66, end_time=1,779,139,828.562, expected_protocol=https, packet_count=96, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=49,982, start_time=1,779,139,813.904, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=30,133, window_sec=30 | |
| session | SESSION-65e185b6eab54d6a | dst_ip=192.168.1.1, dst_port=5,351, duration_sec=0.15, end_time=1,779,139,827.691, expected_protocol=unregistered:5351, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=65,066, start_time=1,779,139,827.54, tcp_flags=, time_bucket=1,779,139,800, total_bytes=218, window_sec=30 | |
| session | SESSION-716de9787a03c45e | dst_ip=23.219.160.5, dst_port=443, duration_sec=8.35, end_time=1,779,139,823.758, expected_protocol=quic, packet_count=40, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=60,418, start_time=1,779,139,815.405, tcp_flags=, time_bucket=1,779,139,800, total_bytes=9,890, window_sec=30 | |
| session | SESSION-17e440ba96a7a7b5 | dst_ip=142.250.115.95, dst_port=443, duration_sec=5.59, end_time=1,779,139,822.073, expected_protocol=quic, packet_count=11, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=57,835, start_time=1,779,139,816.478, tcp_flags=, time_bucket=1,779,139,800, total_bytes=1,532, window_sec=30 | |
| session | SESSION-05305b96b26cdffd | dst_ip=192.168.1.185, dst_port=52,640, duration_sec=0.07, end_time=1,779,139,827.193, expected_protocol=unregistered:52640, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.39.21, src_port=443, start_time=1,779,139,827.119, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=220, window_sec=30 | |
| session | SESSION-d146af26ba988e06 | dst_ip=104.18.32.47, dst_port=443, duration_sec=4.3, end_time=1,779,139,829.989, expected_protocol=https, packet_count=18, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=44,698, start_time=1,779,139,825.688, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=11,087, window_sec=30 | |
| session | SESSION-2681df7af5f78270 | dst_ip=192.168.1.185, duration_sec=10.59, end_time=1,779,139,824.499, expected_protocol=unregistered:0, packet_count=18, proto=ICMP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=ICMP, src_ip=97.178.32.239, start_time=1,779,139,813.905, tcp_flags=, time_bucket=1,779,139,800, total_bytes=3,492, window_sec=30 | |
| session | SESSION-bc4350b5c6d66f3f | dst_ip=34.111.31.13, dst_port=443, duration_sec=0.03, end_time=1,779,139,830.188, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=61,825, start_time=1,779,139,830.154, tcp_flags=A, time_bucket=1,779,139,830, total_bytes=121, window_sec=30 | |
| session | SESSION-ce6603a48a5c4c37 | dst_ip=23.219.160.5, dst_port=443, duration_sec=0.09, end_time=1,779,139,830.263, expected_protocol=quic, packet_count=2, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=60,418, start_time=1,779,139,830.169, tcp_flags=, time_bucket=1,779,139,830, total_bytes=137, window_sec=30 | |
| session | SESSION-7b2b00e0ceb88c09 | dst_ip=20.62.59.32, dst_port=443, duration_sec=13.14, end_time=1,779,139,827.119, expected_protocol=https, packet_count=6, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=64,848, start_time=1,779,139,813.976, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=422, window_sec=30 | |
| session | SESSION-ea1d23994577309a | dst_ip=192.168.1.185, dst_port=52,133, duration_sec=8.09, end_time=1,779,139,825.978, expected_protocol=unregistered:52133, packet_count=14, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.22.222, src_port=443, start_time=1,779,139,817.888, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=1,002, window_sec=30 | |
| session | SESSION-10cf97843d85c279 | dst_ip=209.177.156.94, dst_port=3,478, duration_sec=0.03, end_time=1,779,139,827.562, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,827.529, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30 | |
| session | SESSION-348feef1c6ca6285 | dst_ip=151.101.113.140, dst_port=443, duration_sec=0.06, end_time=1,779,139,829.463, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=52,662, start_time=1,779,139,829.405, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| session | SESSION-502ccca87ddbbb24 | dst_ip=35.190.80.1, dst_port=443, duration_sec=0.03, end_time=1,779,139,826.633, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=49,433, start_time=1,779,139,826.6, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30 | |
| tls_sni | tls_sni:copilot.microsoft.com | sni=copilot.microsoft.com | |
| tls_sni | tls_sni:browser.events.data.microsoft.com | sni=browser.events.data.microsoft.com | |
| tls_sni | tls_sni:chatgpt.com | sni=chatgpt.com |

| Kind | ID | Nodes |
|---|---|---|
| flow_observed 5-ary OBS | e:fo:flow:4ac806f4d834 | flow:4ac806f4d834 → host:192.168.1.185 → host:20.62.59.32 → port:tcp:443 → svc:https |
| SESSION_OBSERVED_HOST OBS | e:soh:SESSION-de97a19f0937505c:host:192.168.1.185 | SESSION-de97a19f0937505c → host:192.168.1.185 |
| FLOW_TO_HOST OBS | e:to:SESSION-de97a19f0937505c:host:192.168.1.185 | SESSION-de97a19f0937505c → host:192.168.1.185 |
| FLOW_DST_PORT OBS | e:fp:flow:26faad66f81e:port:udp:44244 | flow:26faad66f81e → port:udp:44244 |
| FLOW_FROM_HOST OBS | e:from:SESSION-c4d9c40a7fec56be:host:192.168.1.185 | SESSION-c4d9c40a7fec56be → host:192.168.1.185 |
| FLOW_DST_PORT OBS | e:fp:flow:bf8f4a131249:port:udp:44244 | flow:bf8f4a131249 → port:udp:44244 |
| SESSION_OBSERVED_FLOW OBS | e:sof:SESSION-a019cb392bc23a7a:flow:65175f124256 | SESSION-a019cb392bc23a7a → flow:65175f124256 |
| SESSION_OBSERVED_HOST OBS | e:soh:SESSION-055fd962754012c2:host:192.168.1.185 | SESSION-055fd962754012c2 → host:192.168.1.185 |
| SESSION_OBSERVED_HOST OBS | e:soh:SESSION-e66fd8e05921da5d:host:192.168.1.185 | SESSION-e66fd8e05921da5d → host:192.168.1.185 |
| SESSION_OBSERVED_HOST OBS | e:soh:SESSION-934baa2aae663ceb:host:151.101.113.140 | SESSION-934baa2aae663ceb → host:151.101.113.140 |
| FLOW_FROM_HOST OBS | e:from:SESSION-e86e0a049372cc85:host:192.168.1.185 | SESSION-e86e0a049372cc85 → host:192.168.1.185 |
| FLOW_DST_PORT OBS | e:fp:flow:7986b2093729:port:tcp:443 | flow:7986b2093729 → port:tcp:443 |
| flow_observed 5-ary OBS | e:fo:flow:c0b4f157e073 | flow:c0b4f157e073 → host:192.168.1.185 → host:34.111.31.13 → port:tcp:443 → svc:https |
| SESSION_BETWEEN_HOSTS 3-ary OBS | e:sbh:SESSION-e86e0a049372cc85:host:192.168.1.185:host:142.250.113.95 | SESSION-e86e0a049372cc85 → host:192.168.1.185 → host:142.250.113.95 |
| FLOW_TO_HOST OBS | e:to:SESSION-f8dc5b0051ee4914:host:192.168.1.1 | SESSION-f8dc5b0051ee4914 → host:192.168.1.1 |
| HOST_IN_ASN OBS 85% | e:ha:host:192.73.244.245:asn:36236 | host:192.73.244.245 → asn:36236 |
| SESSION_OBSERVED_HOST OBS | e:soh:SESSION-d146af26ba988e06:host:192.168.1.185 | SESSION-d146af26ba988e06 → host:192.168.1.185 |
| FLOW_TLS_SNI OBS | e:fs:flow:189be888c3af:tls_sni:copilot.microsoft.com | flow:189be888c3af → tls_sni:copilot.microsoft.com |
| flow_observed 4-ary OBS | e:fo:flow:5b983251f483 | flow:5b983251f483 → host:104.18.22.222 → host:192.168.1.185 → port:tcp:52133 |
| SESSION_BETWEEN_HOSTS 3-ary OBS | e:sbh:SESSION-9b68d4601d0ccd30:host:192.168.1.185:host:192.168.1.1 | SESSION-9b68d4601d0ccd30 → host:192.168.1.185 → host:192.168.1.1 |
| FLOW_FROM_HOST OBS | e:from:SESSION-e565a4fbf5cff09b:host:192.168.1.185 | SESSION-e565a4fbf5cff09b → host:192.168.1.185 |
| SESSION_DERIVED_FROM_PCAP OBS | e:derived:SESSION-e66fd8e05921da5d:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-e66fd8e05921da5d → PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_FLOW OBS | e:sof:SESSION-b7338ba843b2dafa:flow:a3f08c1df1f5 | SESSION-b7338ba843b2dafa → flow:a3f08c1df1f5 |
| SESSION_OBSERVED_HOST OBS | e:soh:SESSION-c4d9c40a7fec56be:host:135.234.174.40 | SESSION-c4d9c40a7fec56be → host:135.234.174.40 |
| SESSION_OBSERVED_FLOW OBS | e:sof:SESSION-9c85e6a530e7f20f:flow:9d482c927ad5 | SESSION-9c85e6a530e7f20f → flow:9d482c927ad5 |
| FLOW_FROM_HOST OBS | e:from:SESSION-2681df7af5f78270:host:97.178.32.239 | SESSION-2681df7af5f78270 → host:97.178.32.239 |
| SESSION_BETWEEN_HOSTS 3-ary OBS | e:sbh:SESSION-055fd962754012c2:host:192.168.1.185:host:104.208.203.89 | SESSION-055fd962754012c2 → host:192.168.1.185 → host:104.208.203.89 |
| SESSION_OBSERVED_FLOW OBS | e:sof:SESSION-934baa2aae663ceb:flow:eb3b47352f67 | SESSION-934baa2aae663ceb → flow:eb3b47352f67 |
| SESSION_OBSERVED_HOST OBS | e:soh:SESSION-200a1edeb5081c1b:host:192.168.1.185 | SESSION-200a1edeb5081c1b → host:192.168.1.185 |
| SESSION_OBSERVED_FLOW OBS | e:sof:SESSION-423d6f8fa2a9f7bc:flow:df1c396b8733 | SESSION-423d6f8fa2a9f7bc → flow:df1c396b8733 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-99947e3aab494326:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-99947e3aab494326 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-86bc6b9e53c222b0:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-86bc6b9e53c222b0 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| flow_observed5-aryOBS | e:fo:flow:189be888c3af | flow:189be888c3af β host:192.168.1.185 β host:104.18.23.222 β port:tcp:443 β svc:https |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-e881aa680da5dbf3:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-e881aa680da5dbf3 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| ASN_IN_ORGOBS 80% | e:ao:asn:6167:org:Verizon Business | asn:6167 β org:Verizon Business |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-9c85e6a530e7f20f:host:192.200.0.112 | SESSION-9c85e6a530e7f20f β host:192.200.0.112 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-36cd4459caa078a9:host:135.234.174.40 | SESSION-36cd4459caa078a9 β host:135.234.174.40 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-1065a64ded6cc44c:host:172.19.0.1 | SESSION-1065a64ded6cc44c β host:172.19.0.1 |
| flow_observed4-aryOBS | e:fo:flow:a25fcb74f721 | flow:a25fcb74f721 β host:216.24.57.7 β host:192.168.1.185 β port:tcp:58631 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-ce6603a48a5c4c37:host:192.168.1.185:host:23.219.160.5 | SESSION-ce6603a48a5c4c37 β host:192.168.1.185 β host:23.219.160.5 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-83d0b20751c23f69:host:192.168.1.1 | SESSION-83d0b20751c23f69 β host:192.168.1.1 |
| FLOW_TO_HOSTOBS | e:to:SESSION-716de9787a03c45e:host:23.219.160.5 | SESSION-716de9787a03c45e β host:23.219.160.5 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-2014bf32e6dab59e:host:192.168.1.185:host:151.101.113.140 | SESSION-2014bf32e6dab59e β host:192.168.1.185 β host:151.101.113.140 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-17e440ba96a7a7b5:host:192.168.1.185 | SESSION-17e440ba96a7a7b5 β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-716de9787a03c45e:host:192.168.1.185 | SESSION-716de9787a03c45e β host:192.168.1.185 |
| FLOW_DST_PORTOBS | e:fp:flow:6fe67514daf4:port:tcp:443 | flow:6fe67514daf4 β port:tcp:443 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e881aa680da5dbf3:host:192.168.1.185 | SESSION-e881aa680da5dbf3 β host:192.168.1.185 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-e86e0a049372cc85:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-e86e0a049372cc85 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| flow_observed5-aryOBS | e:fo:flow:d83699920b5b | flow:d83699920b5b β host:192.168.1.185 β host:151.101.113.140 β port:tcp:443 β svc:https |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-fa034e5132aecf5b:host:192.168.1.185 | SESSION-fa034e5132aecf5b β host:192.168.1.185 |
| HOST_IN_ASNOBS 85% | e:ha:host:52.110.6.13:asn:8075 | host:52.110.6.13 β asn:8075 |
| HOST_IN_ASNOBS 85% | e:ha:host:150.171.28.10:asn:8075 | host:150.171.28.10 β asn:8075 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e25097cf84c7b988:host:192.168.1.185 | SESSION-e25097cf84c7b988 β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-22420a928847cfad:host:192.168.1.185 | SESSION-22420a928847cfad β host:192.168.1.185 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-83d0b20751c23f69:host:192.168.1.185:host:192.168.1.1 | SESSION-83d0b20751c23f69 β host:192.168.1.185 β host:192.168.1.1 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-441bb1af5ec88ffb:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-441bb1af5ec88ffb β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_DST_PORTOBS | e:fp:flow:21a678dc75de:port:tcp:443 | flow:21a678dc75de β port:tcp:443 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-787a71cfd2c6f769:flow:c65476284ea0 | SESSION-787a71cfd2c6f769 β flow:c65476284ea0 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-9dab8edd40d14d9d:SESSION-9dab8edd40d14d9d | SESSION-9dab8edd40d14d9d β pe:tls:SESSION-9dab8edd40d14d9d |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:192.73.243.135:geo_25.77010_-80.19280 | host:192.73.243.135 β geo_25.77010_-80.19280 |
| FLOW_DST_PORTOBS | e:fp:flow:c65476284ea0:port:tcp:61509 | flow:c65476284ea0 β port:tcp:61509 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-10cf97843d85c279:host:209.177.156.94 | SESSION-10cf97843d85c279 β host:209.177.156.94 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-81e5b5be161de125:host:192.168.1.185 | SESSION-81e5b5be161de125 β host:192.168.1.185 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-e881aa680da5dbf3:flow:f3b81336df74 | SESSION-e881aa680da5dbf3 β flow:f3b81336df74 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-58f9cafe500f64ad:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-58f9cafe500f64ad β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-423d6f8fa2a9f7bc:host:23.213.232.172 | SESSION-423d6f8fa2a9f7bc β host:23.213.232.172 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-502ccca87ddbbb24:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-502ccca87ddbbb24 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-7bf53771cd98ec17:host:192.168.1.1 | SESSION-7bf53771cd98ec17 β host:192.168.1.1 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-d146af26ba988e06:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-d146af26ba988e06 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-e565a4fbf5cff09b:flow:6fe67514daf4 | SESSION-e565a4fbf5cff09b β flow:6fe67514daf4 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-7bf53771cd98ec17:host:192.168.1.185 | SESSION-7bf53771cd98ec17 β host:192.168.1.185 |
| HOST_IN_ASNOBS 85% | e:ha:host:199.165.136.100:asn:14618 | host:199.165.136.100 β asn:14618 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-dabcbf693ac9fbef:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-dabcbf693ac9fbef β BSG-HORIZ_SCAN-cd2c52661c4b |
| FLOW_DST_PORTOBS | e:fp:flow:4ac806f4d834:port:tcp:443 | flow:4ac806f4d834 β port:tcp:443 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-2681df7af5f78270:host:192.168.1.185 | SESSION-2681df7af5f78270 β host:192.168.1.185 |
| FLOW_DST_PORTOBS | e:fp:flow:c0b4f157e073:port:tcp:443 | flow:c0b4f157e073 β port:tcp:443 |
| flow_observed4-aryOBS | e:fo:flow:df1c396b8733 | flow:df1c396b8733 β host:23.213.232.172 β host:192.168.1.185 β port:tcp:51966 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-200a1edeb5081c1b:host:52.110.6.13:host:192.168.1.185 | SESSION-200a1edeb5081c1b β host:52.110.6.13 β host:192.168.1.185 |
| FLOW_DST_PORTOBS | e:fp:flow:ab2fda60ec38:port:tcp:443 | flow:ab2fda60ec38 β port:tcp:443 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-200a1edeb5081c1b:host:52.110.6.13 | SESSION-200a1edeb5081c1b β host:52.110.6.13 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-b7338ba843b2dafa:host:192.168.1.185:host:192.73.248.83 | SESSION-b7338ba843b2dafa β host:192.168.1.185 β host:192.73.248.83 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-c8f5f362e7c0c5c8:host:216.24.57.251 | SESSION-c8f5f362e7c0c5c8 β host:216.24.57.251 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-200a1edeb5081c1b:SESSION-200a1edeb5081c1b | SESSION-200a1edeb5081c1b β pe:tls:SESSION-200a1edeb5081c1b |
| ASN_IN_ORGOBS 80% | e:ao:asn:24940:org:Hetzner Online GmbH | asn:24940 β org:Hetzner Online GmbH |
| FLOW_DST_PORTOBS | e:fp:flow:e34282443dab:port:udp:443 | flow:e34282443dab β port:udp:443 |
| flow_observed4-aryOBS | e:fo:flow:60dd2a974649 | flow:60dd2a974649 β host:192.168.1.185 β host:192.168.1.1 β port:udp:5351 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:dns:SESSION-08bfd8721a383a39:SESSION-08bfd8721a383a39 | SESSION-08bfd8721a383a39 β pe:dns:SESSION-08bfd8721a383a39 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-9dab8edd40d14d9d:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-9dab8edd40d14d9d β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_DST_PORTOBS | e:fp:flow:c44b4fd56f98:port:udp:60920 | flow:c44b4fd56f98 β port:udp:60920 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-9b68d4601d0ccd30:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-9b68d4601d0ccd30 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-b7338ba843b2dafa:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-b7338ba843b2dafa β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-e0cdf80170e46e9e:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-e0cdf80170e46e9e β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e6729d0ebc579395:host:97.178.32.239 | SESSION-e6729d0ebc579395 β host:97.178.32.239 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-f8dc5b0051ee4914:flow:bf7a9427297d | SESSION-f8dc5b0051ee4914 β flow:bf7a9427297d |
| FLOW_TO_HOSTOBS | e:to:SESSION-741380b5a9a3a6c7:host:192.168.1.185 | SESSION-741380b5a9a3a6c7 β host:192.168.1.185 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-1065a64ded6cc44c:host:192.168.1.185:host:172.19.0.1 | SESSION-1065a64ded6cc44c β host:192.168.1.185 β host:172.19.0.1 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-423d6f8fa2a9f7bc:host:23.213.232.172:host:192.168.1.185 | SESSION-423d6f8fa2a9f7bc β host:23.213.232.172 β host:192.168.1.185 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-348feef1c6ca6285:SESSION-348feef1c6ca6285 | SESSION-348feef1c6ca6285 β pe:tls:SESSION-348feef1c6ca6285 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-22420a928847cfad:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-22420a928847cfad β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-fa034e5132aecf5b:flow:abe950115ba3 | SESSION-fa034e5132aecf5b β flow:abe950115ba3 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-83d0b20751c23f69:flow:4eed5ff51111 | SESSION-83d0b20751c23f69 β flow:4eed5ff51111 |
| FLOW_DST_PORTOBS | e:fp:flow:4f5810e72704:port:udp:3478 | flow:4f5810e72704 β port:udp:3478 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-9b68d4601d0ccd30:host:192.168.1.185 | SESSION-9b68d4601d0ccd30 β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-2014bf32e6dab59e:host:192.168.1.185 | SESSION-2014bf32e6dab59e β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-dabcbf693ac9fbef:host:192.168.1.185 | SESSION-dabcbf693ac9fbef β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-68666b77cce29d40:host:192.168.1.185 | SESSION-68666b77cce29d40 β host:192.168.1.185 |
| FLOW_DST_PORTOBS | e:fp:flow:62d01d1bf747:port:udp:3478 | flow:62d01d1bf747 β port:udp:3478 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-1ea83345da6e2df0:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-1ea83345da6e2df0 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:216.24.57.251:geo_37.75100_-97.82200 | host:216.24.57.251 β geo_37.75100_-97.82200 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-65a9e51617aa2712:host:192.168.1.185 | SESSION-65a9e51617aa2712 β host:192.168.1.185 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-05305b96b26cdffd:flow:0380e0cd29dc | SESSION-05305b96b26cdffd β flow:0380e0cd29dc |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-e5c653feb7de823f:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-e5c653feb7de823f β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_DST_PORTOBS | e:fp:flow:660ca437efa1:port:udp:53 | flow:660ca437efa1 β port:udp:53 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90% | e:bsg:SESSION-21bfec774060aafb:BSG-BEACON-4bc57cbec7cd | SESSION-21bfec774060aafb β BSG-BEACON-4bc57cbec7cd |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-10cf97843d85c279:host:192.168.1.185 | SESSION-10cf97843d85c279 β host:192.168.1.185 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-441bb1af5ec88ffb:host:192.168.1.185:host:76.76.21.22 | SESSION-441bb1af5ec88ffb β host:192.168.1.185 β host:76.76.21.22 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-58f9cafe500f64ad:flow:660ca437efa1 | SESSION-58f9cafe500f64ad β flow:660ca437efa1 |
| FLOW_DST_PORTOBS | e:fp:flow:cb933110cf94:port:tcp:443 | flow:cb933110cf94 β port:tcp:443 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-200a1edeb5081c1b:host:52.110.6.13 | SESSION-200a1edeb5081c1b β host:52.110.6.13 |
| flow_observed4-aryOBS | e:fo:flow:7fc08133133d | flow:7fc08133133d β host:192.168.1.185 β host:172.19.0.1 β port:udp:44244 |
| PORT_IMPLIED_SERVICEIMP 70% | e:ps:port:tcp:443:svc:https | port:tcp:443 β svc:https |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-f8dc5b0051ee4914:host:192.168.1.185:host:192.168.1.1 | SESSION-f8dc5b0051ee4914 β host:192.168.1.185 β host:192.168.1.1 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-329be171c0b80b92:host:192.168.1.185 | SESSION-329be171c0b80b92 β host:192.168.1.185 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-4cf06bd9f9c07bb4:flow:478de54cd94a | SESSION-4cf06bd9f9c07bb4 β flow:478de54cd94a |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-e6ad21d692182871:SESSION-e6ad21d692182871 | SESSION-e6ad21d692182871 β pe:tls:SESSION-e6ad21d692182871 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-3cb87513d2c7904f:host:192.168.1.185 | SESSION-3cb87513d2c7904f β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-787a71cfd2c6f769:host:192.168.1.185 | SESSION-787a71cfd2c6f769 β host:192.168.1.185 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-e565a4fbf5cff09b:host:192.168.1.185:host:192.73.248.83 | SESSION-e565a4fbf5cff09b β host:192.168.1.185 β host:192.73.248.83 |
| FLOW_TO_HOSTOBS | e:to:SESSION-e66fd8e05921da5d:host:172.18.0.1 | SESSION-e66fd8e05921da5d β host:172.18.0.1 |
| flow_observed5-aryOBS | e:fo:flow:7986b2093729 | flow:7986b2093729 β host:192.168.1.185 β host:104.18.32.47 β port:tcp:443 β svc:https |
| FLOW_DST_PORTOBS | e:fp:flow:60dd2a974649:port:udp:5351 | flow:60dd2a974649 β port:udp:5351 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-06fade4febc8462c:SESSION-06fade4febc8462c | SESSION-06fade4febc8462c β pe:tls:SESSION-06fade4febc8462c |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-b7d90a2138968fa3:SESSION-b7d90a2138968fa3 | SESSION-b7d90a2138968fa3 β pe:tls:SESSION-b7d90a2138968fa3 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-4cf06bd9f9c07bb4:host:192.168.1.185:host:97.178.32.239 | SESSION-4cf06bd9f9c07bb4 β host:192.168.1.185 β host:97.178.32.239 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-99947e3aab494326:host:192.200.0.112 | SESSION-99947e3aab494326 β host:192.200.0.112 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-cbcc97483386b4f3:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-cbcc97483386b4f3 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-934baa2aae663ceb:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-934baa2aae663ceb β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-5419af02605f5da4:host:97.178.32.239 | SESSION-5419af02605f5da4 β host:97.178.32.239 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-502ccca87ddbbb24:host:192.168.1.185 | SESSION-502ccca87ddbbb24 β host:192.168.1.185 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-502ccca87ddbbb24:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-502ccca87ddbbb24 β BSG-HORIZ_SCAN-cd2c52661c4b |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-d7f6ed06cf3ab18b:host:97.178.32.239:host:192.168.1.185 | SESSION-d7f6ed06cf3ab18b β host:97.178.32.239 β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-9dab8edd40d14d9d:host:192.168.1.185 | SESSION-9dab8edd40d14d9d β host:192.168.1.185 |
| flow_observed5-aryOBS | e:fo:flow:9aa8161296f7 | flow:9aa8161296f7 β host:192.168.1.185 β host:199.165.136.100 β port:tcp:443 β svc:https |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-0e59fb5fe4c720df:host:192.168.1.185 | SESSION-0e59fb5fe4c720df β host:192.168.1.185 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:23.213.232.172:geo_32.77970_-96.80220 | host:23.213.232.172 β geo_32.77970_-96.80220 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-bcd07bc8e00bd126:host:209.177.158.246 | SESSION-bcd07bc8e00bd126 β host:209.177.158.246 |
| flow_observed4-aryOBS | e:fo:flow:478de54cd94a | flow:478de54cd94a β host:192.168.1.185 β host:97.178.32.239 β port:udp:31036 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-9dab8edd40d14d9d:host:104.18.39.21:host:192.168.1.185 | SESSION-9dab8edd40d14d9d β host:104.18.39.21 β host:192.168.1.185 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:23.219.160.5:geo_29.75390_-95.35900 | host:23.219.160.5 β geo_29.75390_-95.35900 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-c8f5f362e7c0c5c8:host:192.168.1.185 | SESSION-c8f5f362e7c0c5c8 β host:192.168.1.185 |
| flow_observed5-aryOBS | e:fo:flow:eb3b47352f67 | flow:eb3b47352f67 β host:192.168.1.185 β host:151.101.113.140 β port:tcp:443 β svc:https |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-502ccca87ddbbb24:flow:1cae684ccaf1 | SESSION-502ccca87ddbbb24 β flow:1cae684ccaf1 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-e53f703ab7b48a77:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-e53f703ab7b48a77 β BSG-HORIZ_SCAN-cd2c52661c4b |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-fa034e5132aecf5b:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-fa034e5132aecf5b β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_TO_HOSTOBS | e:to:SESSION-bcd07bc8e00bd126:host:209.177.158.246 | SESSION-bcd07bc8e00bd126 β host:209.177.158.246 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-787a71cfd2c6f769:host:162.159.128.61 | SESSION-787a71cfd2c6f769 β host:162.159.128.61 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-e565a4fbf5cff09b:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-e565a4fbf5cff09b β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-1065a64ded6cc44c:host:192.168.1.185 | SESSION-1065a64ded6cc44c β host:192.168.1.185 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-21bfec774060aafb:host:192.168.1.185:host:192.168.1.1 | SESSION-21bfec774060aafb β host:192.168.1.185 β host:192.168.1.1 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-b7338ba843b2dafa:host:192.73.248.83 | SESSION-b7338ba843b2dafa β host:192.73.248.83 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-e6ad21d692182871:host:192.168.1.185:host:199.165.136.100 | SESSION-e6ad21d692182871 β host:192.168.1.185 β host:199.165.136.100 |
| HOST_IN_ASNOBS 85% | e:ha:host:192.200.0.112:asn:16509 | host:192.200.0.112 β asn:16509 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-502ccca87ddbbb24:host:35.190.80.1 | SESSION-502ccca87ddbbb24 β host:35.190.80.1 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-e881aa680da5dbf3:host:192.168.1.185 | SESSION-e881aa680da5dbf3 β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-cbcc97483386b4f3:host:192.168.1.185 | SESSION-cbcc97483386b4f3 β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-184b3698d564c9c7:host:192.168.1.185 | SESSION-184b3698d564c9c7 β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-bc4350b5c6d66f3f:host:192.168.1.185 | SESSION-bc4350b5c6d66f3f β host:192.168.1.185 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:216.239.32.223:geo_37.75100_-97.82200 | host:216.239.32.223 β geo_37.75100_-97.82200 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-a019cb392bc23a7a:host:192.168.1.185 | SESSION-a019cb392bc23a7a β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-787a71cfd2c6f769:host:162.159.128.61 | SESSION-787a71cfd2c6f769 β host:162.159.128.61 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-86bc6b9e53c222b0:host:23.219.160.5 | SESSION-86bc6b9e53c222b0 β host:23.219.160.5 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-a019cb392bc23a7a:SESSION-a019cb392bc23a7a | SESSION-a019cb392bc23a7a β pe:tls:SESSION-a019cb392bc23a7a |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-b7d90a2138968fa3:flow:495f7c8d94fd | SESSION-b7d90a2138968fa3 β flow:495f7c8d94fd |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e565a4fbf5cff09b:host:192.73.248.83 | SESSION-e565a4fbf5cff09b β host:192.73.248.83 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e881aa680da5dbf3:host:151.101.112.217 | SESSION-e881aa680da5dbf3 β host:151.101.112.217 |
| FLOW_DST_PORTOBS | e:fp:flow:eb3b47352f67:port:tcp:443 | flow:eb3b47352f67 β port:tcp:443 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-7b2b00e0ceb88c09:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-7b2b00e0ceb88c09 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-e6ad21d692182871:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-e6ad21d692182871 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-10cf97843d85c279:flow:fdf049da8b14 | SESSION-10cf97843d85c279 β flow:fdf049da8b14 |
| FLOW_DST_PORTOBS | e:fp:flow:a25fcb74f721:port:tcp:58631 | flow:a25fcb74f721 β port:tcp:58631 |
| FLOW_DST_PORTOBS | e:fp:flow:df1c396b8733:port:tcp:51966 | flow:df1c396b8733 β port:tcp:51966 |
| FLOW_TO_HOSTOBS | e:to:SESSION-7b2b00e0ceb88c09:host:20.62.59.32 | SESSION-7b2b00e0ceb88c09 β host:20.62.59.32 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-dabcbf693ac9fbef:host:192.168.1.185 | SESSION-dabcbf693ac9fbef β host:192.168.1.185 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-1f115942b61afe54:flow:4f5810e72704 | SESSION-1f115942b61afe54 β flow:4f5810e72704 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-8c7ddbb6fe26a9a9:flow:c44b4fd56f98 | SESSION-8c7ddbb6fe26a9a9 β flow:c44b4fd56f98 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-9c85e6a530e7f20f:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-9c85e6a530e7f20f β BSG-HORIZ_SCAN-cd2c52661c4b |
| FLOW_TO_HOSTOBS | e:to:SESSION-8fd6ad39adf47a18:host:192.168.1.185 | SESSION-8fd6ad39adf47a18 β host:192.168.1.185 |
| FLOW_DST_PORTOBS | e:fp:flow:5a246bdf60e4:port:tcp:443 | flow:5a246bdf60e4 β port:tcp:443 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-0e59fb5fe4c720df:host:209.177.156.94 | SESSION-0e59fb5fe4c720df β host:209.177.156.94 |
| flow_observed4-aryOBS | e:fo:flow:65c7de267840 | flow:65c7de267840 β host:192.168.1.185 β host:192.168.1.1 β port:udp:5351 |
| HOST_IN_ASNOBS 85% | e:ha:host:216.24.57.7:asn:397273 | host:216.24.57.7 β asn:397273 |
| FLOW_QUERIED_DNSOBS | e:fd:flow:660ca437efa1:dns:signaler-pa.clients6.google.com | flow:660ca437efa1 β dns:signaler-pa.clients6.google.com |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e6729d0ebc579395:host:192.168.1.185 | SESSION-e6729d0ebc579395 β host:192.168.1.185 |
| HOST_IN_ASNOBS 85% | e:ha:host:209.177.158.246:asn:36236 | host:209.177.158.246 β asn:36236 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-3cb87513d2c7904f:host:192.168.1.185:host:192.168.1.1 | SESSION-3cb87513d2c7904f β host:192.168.1.185 β host:192.168.1.1 |
| flow_observed5-aryOBS | e:fo:flow:9d482c927ad5 | flow:9d482c927ad5 β host:192.168.1.185 β host:192.200.0.112 β port:tcp:443 β svc:https |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-c4d9c40a7fec56be:host:192.168.1.185 | SESSION-c4d9c40a7fec56be β host:192.168.1.185 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-1f115942b61afe54:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-1f115942b61afe54 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:209.177.156.94:geo_32.77970_-96.80220 | host:209.177.156.94 β geo_32.77970_-96.80220 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-2681df7af5f78270:flow:7395be855a32 | SESSION-2681df7af5f78270 β flow:7395be855a32 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-a019cb392bc23a7a:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-a019cb392bc23a7a β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_DST_PORTOBS | e:fp:flow:f79c1639a1f7:port:udp:11130 | flow:f79c1639a1f7 β port:udp:11130 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-e25097cf84c7b988:host:192.168.1.185:host:97.178.32.239 | SESSION-e25097cf84c7b988 β host:192.168.1.185 β host:97.178.32.239 |
| FLOW_TLS_SNIOBS | e:fs:flow:7986b2093729:tls_sni:chatgpt.com | flow:7986b2093729 β tls_sni:chatgpt.com |
| flow_observed5-aryOBS | e:fo:flow:46c89f86a16a | flow:46c89f86a16a β host:192.168.1.185 β host:23.219.160.5 β port:udp:443 β svc:https |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-4cf06bd9f9c07bb4:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-4cf06bd9f9c07bb4 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-de97a19f0937505c:host:104.18.1.62 | SESSION-de97a19f0937505c β host:104.18.1.62 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-81e5b5be161de125:host:192.168.1.185:host:151.101.114.172 | SESSION-81e5b5be161de125 β host:192.168.1.185 β host:151.101.114.172 |
| flow_observed4-aryOBS | e:fo:flow:1fbee9feb06d | flow:1fbee9feb06d β host:104.18.1.62 β host:192.168.1.185 β port:tcp:51146 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-9c845bfb2b534b59:flow:c378386f9a22 | SESSION-9c845bfb2b534b59 β flow:c378386f9a22 |
| FLOW_TO_HOSTOBS | e:to:SESSION-0e59fb5fe4c720df:host:192.168.1.185 | SESSION-0e59fb5fe4c720df β host:192.168.1.185 |
| flow_observed3-aryOBS | e:fo:flow:d658b18ff560 | flow:d658b18ff560 β host:192.168.1.165 β host:224.0.0.22 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-934baa2aae663ceb:host:192.168.1.185:host:151.101.113.140 | SESSION-934baa2aae663ceb β host:192.168.1.185 β host:151.101.113.140 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-5673cdc8e15ecc28:flow:9cc54a60d88a | SESSION-5673cdc8e15ecc28 β flow:9cc54a60d88a |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-5419af02605f5da4:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-5419af02605f5da4 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-8c7ddbb6fe26a9a9:host:192.168.1.185 | SESSION-8c7ddbb6fe26a9a9 β host:192.168.1.185 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-8394aca80c2a0790:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-8394aca80c2a0790 β BSG-HORIZ_SCAN-cd2c52661c4b |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-055fd962754012c2:flow:779733f74ceb | SESSION-055fd962754012c2 β flow:779733f74ceb |
| FLOW_TO_HOSTOBS | e:to:SESSION-7bf53771cd98ec17:host:192.168.1.1 | SESSION-7bf53771cd98ec17 β host:192.168.1.1 |
| HOST_IN_ASNOBS 85% | e:ha:host:209.177.156.94:asn:36236 | host:209.177.156.94 β asn:36236 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-184b3698d564c9c7:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-184b3698d564c9c7 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:76.76.21.22:geo_34.02330_-117.85120 | host:76.76.21.22 β geo_34.02330_-117.85120 |
| FLOW_TO_HOSTOBS | e:to:SESSION-e5c653feb7de823f:host:192.73.243.135 | SESSION-e5c653feb7de823f β host:192.73.243.135 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e25097cf84c7b988:host:97.178.32.239 | SESSION-e25097cf84c7b988 β host:97.178.32.239 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-08bfd8721a383a39:host:192.168.1.185 | SESSION-08bfd8721a383a39 β host:192.168.1.185 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-83d0b20751c23f69:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-83d0b20751c23f69 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-329be171c0b80b92:flow:a912cd07306b | SESSION-329be171c0b80b92 β flow:a912cd07306b |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-8394aca80c2a0790:SESSION-8394aca80c2a0790 | SESSION-8394aca80c2a0790 β pe:tls:SESSION-8394aca80c2a0790 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-2014bf32e6dab59e:flow:d83699920b5b | SESSION-2014bf32e6dab59e β flow:d83699920b5b |
| flow_observed4-aryOBS | e:fo:flow:dd3dd13e1b60 | flow:dd3dd13e1b60 β host:192.168.1.185 β host:209.177.158.246 β port:udp:3478 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-e6729d0ebc579395:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-e6729d0ebc579395 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| HOST_IN_ASNOBS 85% | e:ha:host:13.107.226.57:asn:8075 | host:13.107.226.57 β asn:8075 |
| ASN_IN_ORGOBS 80% | e:ao:asn:36236:org:NetActuate, Inc | asn:36236 β org:NetActuate, Inc |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-8fd6ad39adf47a18:SESSION-8fd6ad39adf47a18 | SESSION-8fd6ad39adf47a18 β pe:tls:SESSION-8fd6ad39adf47a18 |
| FLOW_TO_HOSTOBS | e:to:SESSION-5673cdc8e15ecc28:host:192.168.1.185 | SESSION-5673cdc8e15ecc28 β host:192.168.1.185 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-8fd6ad39adf47a18:host:104.18.36.216:host:192.168.1.185 | SESSION-8fd6ad39adf47a18 β host:104.18.36.216 β host:192.168.1.185 |
| flow_observed4-aryOBS | e:fo:flow:027ad06c15d5 | flow:027ad06c15d5 β host:104.18.36.216 β host:192.168.1.185 β port:tcp:55880 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:97.178.32.239:geo_29.82840_-95.46960 | host:97.178.32.239 β geo_29.82840_-95.46960 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-e6ad21d692182871:host:192.168.1.185 | SESSION-e6ad21d692182871 β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-e53f703ab7b48a77:host:199.165.136.100 | SESSION-e53f703ab7b48a77 β host:199.165.136.100 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-e5c653feb7de823f:flow:62d01d1bf747 | SESSION-e5c653feb7de823f β flow:62d01d1bf747 |
| HOST_IN_ASNOBS 85% | e:ha:host:216.239.32.223:asn:15169 | host:216.239.32.223 β asn:15169 |
| FLOW_TO_HOSTOBS | e:to:SESSION-21bfec774060aafb:host:192.168.1.1 | SESSION-21bfec774060aafb β host:192.168.1.1 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-329be171c0b80b92:host:192.168.1.185 | SESSION-329be171c0b80b92 β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-3cb87513d2c7904f:host:192.168.1.185 | SESSION-3cb87513d2c7904f β host:192.168.1.185 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-741380b5a9a3a6c7:host:172.64.151.22:host:192.168.1.185 | SESSION-741380b5a9a3a6c7 β host:172.64.151.22 β host:192.168.1.185 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-b7338ba843b2dafa:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-b7338ba843b2dafa β BSG-HORIZ_SCAN-cd2c52661c4b |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:syn:SESSION-9b68d4601d0ccd30:SESSION-9b68d4601d0ccd30 | SESSION-9b68d4601d0ccd30 β pe:syn:SESSION-9b68d4601d0ccd30 |
| FLOW_TO_HOSTOBS | e:to:SESSION-a019cb392bc23a7a:host:199.165.136.100 | SESSION-a019cb392bc23a7a β host:199.165.136.100 |
| flow_observed4-aryOBS | e:fo:flow:9cc54a60d88a | flow:9cc54a60d88a β host:167.235.217.196 β host:192.168.1.185 β port:tcp:54986 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-329be171c0b80b92:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-329be171c0b80b92 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| flow_observed4-aryOBS | e:fo:flow:62d01d1bf747 | flow:62d01d1bf747 β host:192.168.1.185 β host:192.73.243.135 β port:udp:3478 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-65e185b6eab54d6a:host:192.168.1.1 | SESSION-65e185b6eab54d6a β host:192.168.1.1 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-81e5b5be161de125:flow:82ce7409c0ca | SESSION-81e5b5be161de125 β flow:82ce7409c0ca |
| FLOW_TO_HOSTOBS | e:to:SESSION-858ec5d25a7b6232:host:97.178.32.239 | SESSION-858ec5d25a7b6232 β host:97.178.32.239 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-04dc5a38b6cabcef:host:167.235.217.196:host:192.168.1.185 | SESSION-04dc5a38b6cabcef β host:167.235.217.196 β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-65a9e51617aa2712:host:192.168.1.185 | SESSION-65a9e51617aa2712 β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-1065a64ded6cc44c:host:172.19.0.1 | SESSION-1065a64ded6cc44c β host:172.19.0.1 |
| flow_observed3-aryOBS | e:fo:flow:bf7a9427297d | flow:bf7a9427297d β host:192.168.1.185 β host:192.168.1.1 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-9dab8edd40d14d9d:host:104.18.39.21 | SESSION-9dab8edd40d14d9d β host:104.18.39.21 |
| FLOW_DST_PORTOBS | e:fp:flow:fdf049da8b14:port:udp:3478 | flow:fdf049da8b14 β port:udp:3478 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-08bfd8721a383a39:host:192.168.1.1 | SESSION-08bfd8721a383a39 β host:192.168.1.1 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-2014bf32e6dab59e:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-2014bf32e6dab59e β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-9b68d4601d0ccd30:host:192.168.1.185 | SESSION-9b68d4601d0ccd30 β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-d146af26ba988e06:host:192.168.1.185 | SESSION-d146af26ba988e06 β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-5673cdc8e15ecc28:host:167.235.217.196 | SESSION-5673cdc8e15ecc28 β host:167.235.217.196 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-7dbcb4428a9e5e71:host:192.168.1.185 | SESSION-7dbcb4428a9e5e71 β host:192.168.1.185 |
| HOST_IN_ASNOBS 85% | e:ha:host:35.190.80.1:asn:396982 | host:35.190.80.1 β asn:396982 |
| flow_observed4-aryOBS | e:fo:flow:03d3562fa35f | flow:03d3562fa35f β host:192.168.1.185 β host:97.178.32.239 β port:udp:52243 |
| FLOW_TO_HOSTOBS | e:to:SESSION-b7d90a2138968fa3:host:192.168.1.185 | SESSION-b7d90a2138968fa3 β host:192.168.1.185 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-cbcc97483386b4f3:SESSION-cbcc97483386b4f3 | SESSION-cbcc97483386b4f3 β pe:tls:SESSION-cbcc97483386b4f3 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-f32643b41a201d5b:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-f32643b41a201d5b β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-3cb87513d2c7904f:host:192.168.1.1 | SESSION-3cb87513d2c7904f β host:192.168.1.1 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50% | e:bsg:SESSION-b7d90a2138968fa3:BSG-DATA_EXFIL-e7f288856e4c | SESSION-b7d90a2138968fa3 β BSG-DATA_EXFIL-e7f288856e4c |
| FLOW_FROM_HOSTOBS | e:from:SESSION-bcd07bc8e00bd126:host:192.168.1.185 | SESSION-bcd07bc8e00bd126 β host:192.168.1.185 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-81e5b5be161de125:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-81e5b5be161de125 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-502ccca87ddbbb24:host:192.168.1.185 | SESSION-502ccca87ddbbb24 β host:192.168.1.185 |
| flow_observed5-aryOBS | e:fo:flow:cb933110cf94 | flow:cb933110cf94 β host:192.168.1.185 β host:199.165.136.100 β port:tcp:443 β svc:https |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-329be171c0b80b92:host:192.168.1.185:host:172.29.16.1 | SESSION-329be171c0b80b92 β host:192.168.1.185 β host:172.29.16.1 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-ea1d23994577309a:host:104.18.22.222:host:192.168.1.185 | SESSION-ea1d23994577309a β host:104.18.22.222 β host:192.168.1.185 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-c4d9c40a7fec56be:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-c4d9c40a7fec56be β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| flow_observed4-aryOBS | e:fo:flow:341692033057 | flow:341692033057 β host:192.168.1.185 β host:97.178.32.239 β port:udp:41641 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90% | e:bsg:SESSION-934baa2aae663ceb:BSG-BEACON-3fa1dca5627c | SESSION-934baa2aae663ceb β BSG-BEACON-3fa1dca5627c |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-36cd4459caa078a9:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-36cd4459caa078a9 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-05305b96b26cdffd:SESSION-05305b96b26cdffd | SESSION-05305b96b26cdffd β pe:tls:SESSION-05305b96b26cdffd |
| FLOW_DST_PORTOBS | e:fp:flow:495f7c8d94fd:port:tcp:43844 | flow:495f7c8d94fd β port:tcp:43844 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e5c653feb7de823f:host:192.73.243.135 | SESSION-e5c653feb7de823f β host:192.73.243.135 |
| FLOW_TO_HOSTOBS | e:to:SESSION-502ccca87ddbbb24:host:35.190.80.1 | SESSION-502ccca87ddbbb24 β host:35.190.80.1 |
| FLOW_DST_PORTOBS | e:fp:flow:f5abaef54664:port:tcp:46407 | flow:f5abaef54664 β port:tcp:46407 |
| ASN_IN_ORGOBS 80% | e:ao:asn:54113:org:Fastly, Inc. | asn:54113 β org:Fastly, Inc. |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-17e440ba96a7a7b5:host:142.250.115.95 | SESSION-17e440ba96a7a7b5 β host:142.250.115.95 |
| flow_observed4-aryOBS | e:fo:flow:05b4e5b174c0 | flow:05b4e5b174c0 β host:167.235.217.196 β host:192.168.1.185 β port:tcp:54986 |
| FLOW_TO_HOSTOBS | e:to:SESSION-81e5b5be161de125:host:151.101.114.172 | SESSION-81e5b5be161de125 β host:151.101.114.172 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e6ad21d692182871:host:199.165.136.100 | SESSION-e6ad21d692182871 β host:199.165.136.100 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-17e440ba96a7a7b5:host:192.168.1.185 | SESSION-17e440ba96a7a7b5 β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-17e440ba96a7a7b5:host:142.250.115.95 | SESSION-17e440ba96a7a7b5 β host:142.250.115.95 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-1065a64ded6cc44c:host:192.168.1.185 | SESSION-1065a64ded6cc44c β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-e565a4fbf5cff09b:host:192.73.248.83 | SESSION-e565a4fbf5cff09b β host:192.73.248.83 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e53f703ab7b48a77:host:199.165.136.100 | SESSION-e53f703ab7b48a77 β host:199.165.136.100 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-f32643b41a201d5b:host:192.168.1.185 | SESSION-f32643b41a201d5b β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-86bc6b9e53c222b0:host:192.168.1.185 | SESSION-86bc6b9e53c222b0 β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-f32643b41a201d5b:host:209.177.158.246 | SESSION-f32643b41a201d5b β host:209.177.158.246 |
| flow_observed4-aryOBS | e:fo:flow:f5abaef54664 | flow:f5abaef54664 β host:192.168.1.185 β host:192.168.1.1 β port:tcp:46407 |
| FLOW_TLS_SNIOBS | e:fs:flow:f25397a8d5d5:tls_sni:chatgpt.com | flow:f25397a8d5d5 β tls_sni:chatgpt.com |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-06fade4febc8462c:host:192.168.1.185 | SESSION-06fade4febc8462c β host:192.168.1.185 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:syn:SESSION-06fade4febc8462c:SESSION-06fade4febc8462c | SESSION-06fade4febc8462c β pe:syn:SESSION-06fade4febc8462c |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-8394aca80c2a0790:host:52.182.143.215 | SESSION-8394aca80c2a0790 β host:52.182.143.215 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-04dc5a38b6cabcef:SESSION-04dc5a38b6cabcef | SESSION-04dc5a38b6cabcef β pe:tls:SESSION-04dc5a38b6cabcef |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-5673cdc8e15ecc28:SESSION-5673cdc8e15ecc28 | SESSION-5673cdc8e15ecc28 β pe:tls:SESSION-5673cdc8e15ecc28 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-934baa2aae663ceb:SESSION-934baa2aae663ceb | SESSION-934baa2aae663ceb β pe:tls:SESSION-934baa2aae663ceb |
| flow_observed5-aryOBS | e:fo:flow:65175f124256 | flow:65175f124256 β host:192.168.1.185 β host:199.165.136.100 β port:tcp:443 β svc:https |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-716de9787a03c45e:host:192.168.1.185:host:23.219.160.5 | SESSION-716de9787a03c45e β host:192.168.1.185 β host:23.219.160.5 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-1835bee014d5b0b3:flow:bf8f4a131249 | SESSION-1835bee014d5b0b3 β flow:bf8f4a131249 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-65e185b6eab54d6a:host:192.168.1.185 | SESSION-65e185b6eab54d6a β host:192.168.1.185 |
| flow_observed5-aryOBS | e:fo:flow:a3f08c1df1f5 | flow:a3f08c1df1f5 β host:192.168.1.185 β host:192.73.248.83 β port:tcp:443 β svc:https |
| FLOW_DST_PORTOBS | e:fp:flow:ef26bc2c964d:port:tcp:62104 | flow:ef26bc2c964d β port:tcp:62104 |
| flow_observed5-aryOBS | e:fo:flow:82ce7409c0ca | flow:82ce7409c0ca β host:192.168.1.185 β host:151.101.114.172 β port:tcp:80 β svc:http |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-b7338ba843b2dafa:host:192.168.1.185 | SESSION-b7338ba843b2dafa β host:192.168.1.185 |
| FLOW_DST_PORTOBS | e:fp:flow:007f4ea11c64:port:tcp:443 | flow:007f4ea11c64 β port:tcp:443 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-9dab8edd40d14d9d:host:104.18.39.21 | SESSION-9dab8edd40d14d9d β host:104.18.39.21 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-cbcc97483386b4f3:flow:7986b2093729 | SESSION-cbcc97483386b4f3 β flow:7986b2093729 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-22420a928847cfad:host:192.168.1.1 | SESSION-22420a928847cfad β host:192.168.1.1 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-8c7ddbb6fe26a9a9:host:216.239.32.223 | SESSION-8c7ddbb6fe26a9a9 β host:216.239.32.223 |
| flow_observed5-aryOBS | e:fo:flow:3d20532e84ed | flow:3d20532e84ed β host:192.168.1.185 β host:23.219.160.5 β port:udp:443 β svc:https |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-7dbcb4428a9e5e71:host:209.177.156.94 | SESSION-7dbcb4428a9e5e71 β host:209.177.156.94 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-1ea83345da6e2df0:host:192.168.1.165:host:224.0.0.22 | SESSION-1ea83345da6e2df0 β host:192.168.1.165 β host:224.0.0.22 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-055fd962754012c2:SESSION-055fd962754012c2 | SESSION-055fd962754012c2 β pe:tls:SESSION-055fd962754012c2 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-cbcc97483386b4f3:host:192.168.1.185:host:104.18.32.47 | SESSION-cbcc97483386b4f3 β host:192.168.1.185 β host:104.18.32.47 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-e6ad21d692182871:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-e6ad21d692182871 β BSG-HORIZ_SCAN-cd2c52661c4b |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-8394aca80c2a0790:host:192.168.1.185 | SESSION-8394aca80c2a0790 β host:192.168.1.185 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-184b3698d564c9c7:SESSION-184b3698d564c9c7 | SESSION-184b3698d564c9c7 β pe:tls:SESSION-184b3698d564c9c7 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-5419af02605f5da4:host:192.168.1.185 | SESSION-5419af02605f5da4 β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-e53f703ab7b48a77:host:192.168.1.185 | SESSION-e53f703ab7b48a77 β host:192.168.1.185 |
| HOST_IN_ASNOBS 85% | e:ha:host:104.208.203.89:asn:8075 | host:104.208.203.89 β asn:8075 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-22420a928847cfad:host:192.168.1.185:host:192.168.1.1 | SESSION-22420a928847cfad β host:192.168.1.185 β host:192.168.1.1 |
| FLOW_DST_PORTOBS | e:fp:flow:abe950115ba3:port:tcp:443 | flow:abe950115ba3 β port:tcp:443 |
| FLOW_DST_PORTOBS | e:fp:flow:46c89f86a16a:port:udp:443 | flow:46c89f86a16a β port:udp:443 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-e25097cf84c7b988:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-e25097cf84c7b988 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-f32643b41a201d5b:host:192.168.1.185:host:209.177.158.246 | SESSION-f32643b41a201d5b β host:192.168.1.185 β host:209.177.158.246 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:192.73.244.245:geo_34.05440_-118.24400 | host:192.73.244.245 β geo_34.05440_-118.24400 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-7dbcb4428a9e5e71:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-7dbcb4428a9e5e71 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-184b3698d564c9c7:host:216.24.57.7 | SESSION-184b3698d564c9c7 β host:216.24.57.7 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-8394aca80c2a0790:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-8394aca80c2a0790 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-9c845bfb2b534b59:host:192.168.1.185:host:150.171.28.10 | SESSION-9c845bfb2b534b59 β host:192.168.1.185 β host:150.171.28.10 |
| FLOW_DST_PORTOBS | e:fp:flow:dd3dd13e1b60:port:udp:3478 | flow:dd3dd13e1b60 β port:udp:3478 |
| FLOW_TO_HOSTOBS | e:to:SESSION-ce6603a48a5c4c37:host:23.219.160.5 | SESSION-ce6603a48a5c4c37 β host:23.219.160.5 |
| FLOW_TO_HOSTOBS | e:to:SESSION-1f115942b61afe54:host:192.73.244.245 | SESSION-1f115942b61afe54 β host:192.73.244.245 |
| FLOW_DST_PORTOBS | e:fp:flow:f25397a8d5d5:port:tcp:443 | flow:f25397a8d5d5 β port:tcp:443 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-21bfec774060aafb:host:192.168.1.185 | SESSION-21bfec774060aafb β host:192.168.1.185 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-423d6f8fa2a9f7bc:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-423d6f8fa2a9f7bc β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-ea1d23994577309a:host:104.18.22.222 | SESSION-ea1d23994577309a β host:104.18.22.222 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-ea1d23994577309a:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-ea1d23994577309a β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-1f115942b61afe54:host:192.168.1.185 | SESSION-1f115942b61afe54 β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-e53f703ab7b48a77:host:192.168.1.185 | SESSION-e53f703ab7b48a77 β host:192.168.1.185 |
| PORT_IMPLIED_SERVICEIMP 70% | e:ps:port:udp:443:svc:https | port:udp:443 β svc:https |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-65a9e51617aa2712:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-65a9e51617aa2712 β BSG-HORIZ_SCAN-cd2c52661c4b |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-bcd07bc8e00bd126:host:192.168.1.185:host:209.177.158.246 | SESSION-bcd07bc8e00bd126 β host:192.168.1.185 β host:209.177.158.246 |
| FLOW_TO_HOSTOBS | e:to:SESSION-f32643b41a201d5b:host:209.177.158.246 | SESSION-f32643b41a201d5b β host:209.177.158.246 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-c4d9c40a7fec56be:SESSION-c4d9c40a7fec56be | SESSION-c4d9c40a7fec56be β pe:tls:SESSION-c4d9c40a7fec56be |
| FLOW_QUERIED_DNSOBS | e:fd:flow:dc8e0c394478:dns:wpad.mynetworksettings.com | flow:dc8e0c394478 β dns:wpad.mynetworksettings.com |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-9c85e6a530e7f20f:host:192.168.1.185:host:192.200.0.112 | SESSION-9c85e6a530e7f20f β host:192.168.1.185 β host:192.200.0.112 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-441bb1af5ec88ffb:host:192.168.1.185 | SESSION-441bb1af5ec88ffb β host:192.168.1.185 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-36cd4459caa078a9:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-36cd4459caa078a9 β BSG-HORIZ_SCAN-cd2c52661c4b |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-b7d90a2138968fa3:host:192.168.1.185 | SESSION-b7d90a2138968fa3 β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-1835bee014d5b0b3:host:172.17.0.1 | SESSION-1835bee014d5b0b3 β host:172.17.0.1 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-17e440ba96a7a7b5:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-17e440ba96a7a7b5 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-f8dc5b0051ee4914:host:192.168.1.1 | SESSION-f8dc5b0051ee4914 β host:192.168.1.1 |
| FLOW_QUERIED_DNSOBS | e:fd:flow:0c699e4ab5c4:dns:chatgpt.com | flow:0c699e4ab5c4 β dns:chatgpt.com |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-7dbcb4428a9e5e71:host:192.168.1.185:host:209.177.156.94 | SESSION-7dbcb4428a9e5e71 β host:192.168.1.185 β host:209.177.156.94 |
| FLOW_DST_PORTOBS | e:fp:flow:0523b90826b8:port:tcp:51645 | flow:0523b90826b8 β port:tcp:51645 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:151.101.114.172:geo_32.77970_-96.80220 | host:151.101.114.172 β geo_32.77970_-96.80220 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-05305b96b26cdffd:host:104.18.39.21:host:192.168.1.185 | SESSION-05305b96b26cdffd β host:104.18.39.21 β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-055fd962754012c2:host:104.208.203.89 | SESSION-055fd962754012c2 β host:104.208.203.89 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-2014bf32e6dab59e:host:192.168.1.185 | SESSION-2014bf32e6dab59e β host:192.168.1.185 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:151.101.112.217:geo_32.77970_-96.80220 | host:151.101.112.217 β geo_32.77970_-96.80220 |
| HOST_GEO_ESTIMATEOBS 60% | e:hg:host:135.234.174.40:geo_38.70950_-78.15390 | host:135.234.174.40 β geo_38.70950_-78.15390 |
| FLOW_DST_PORTOBS | e:fp:flow:e36e1209129d:port:tcp:51049 | flow:e36e1209129d β port:tcp:51049 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-d146af26ba988e06:SESSION-d146af26ba988e06 | SESSION-d146af26ba988e06 β pe:tls:SESSION-d146af26ba988e06 |
| FLOW_TO_HOSTOBS | e:to:SESSION-e881aa680da5dbf3:host:151.101.112.217 | SESSION-e881aa680da5dbf3 β host:151.101.112.217 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-e0cdf80170e46e9e:host:192.168.1.185:host:142.250.115.95 | SESSION-e0cdf80170e46e9e β host:192.168.1.185 β host:142.250.115.95 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-e0cdf80170e46e9e:flow:919c57e90236 | SESSION-e0cdf80170e46e9e β flow:919c57e90236 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-a019cb392bc23a7a:host:199.165.136.100 | SESSION-a019cb392bc23a7a β host:199.165.136.100 |
| flow_observed5-aryOBS | e:fo:flow:919c57e90236 | flow:919c57e90236 β host:192.168.1.185 β host:142.250.115.95 β port:udp:443 β svc:https |
| FLOW_TO_HOSTOBS | e:to:SESSION-2681df7af5f78270:host:192.168.1.185 | SESSION-2681df7af5f78270 β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-ea1d23994577309a:host:104.18.22.222 | SESSION-ea1d23994577309a β host:104.18.22.222 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-7dbcb4428a9e5e71:flow:a42e7b1c53d5 | SESSION-7dbcb4428a9e5e71 β flow:a42e7b1c53d5 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-fa034e5132aecf5b:SESSION-fa034e5132aecf5b | SESSION-fa034e5132aecf5b β pe:tls:SESSION-fa034e5132aecf5b |
| ASN_IN_ORGOBS 80% | e:ao:asn:20940:org:Akamai International B.V. | asn:20940 β org:Akamai International B.V. |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-08bfd8721a383a39:host:192.168.1.185 | SESSION-08bfd8721a383a39 β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-8fd6ad39adf47a18:host:104.18.36.216 | SESSION-8fd6ad39adf47a18 β host:104.18.36.216 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-4cf06bd9f9c07bb4:host:97.178.32.239 | SESSION-4cf06bd9f9c07bb4 β host:97.178.32.239 |
| flow_observed5-aryOBS | e:fo:flow:1cae684ccaf1 | flow:1cae684ccaf1 β host:192.168.1.185 β host:35.190.80.1 β port:tcp:443 β svc:https |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-21bfec774060aafb:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-21bfec774060aafb β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| flow_observed4-aryOBS | e:fo:flow:e36e1209129d | flow:e36e1209129d β host:216.24.57.251 β host:192.168.1.185 β port:tcp:51049 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-604f49b2ccac8492:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-604f49b2ccac8492 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-21bfec774060aafb:host:192.168.1.185 | SESSION-21bfec774060aafb β host:192.168.1.185 |
| FLOW_DST_PORTOBS | e:fp:flow:9aa8161296f7:port:tcp:443 | flow:9aa8161296f7 β port:tcp:443 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-1835bee014d5b0b3:host:172.17.0.1 | SESSION-1835bee014d5b0b3 β host:172.17.0.1 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-787a71cfd2c6f769:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-787a71cfd2c6f769 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-8fd6ad39adf47a18:host:192.168.1.185 | SESSION-8fd6ad39adf47a18 β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-05305b96b26cdffd:host:192.168.1.185 | SESSION-05305b96b26cdffd β host:192.168.1.185 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-dabcbf693ac9fbef:host:150.171.28.10 | SESSION-dabcbf693ac9fbef β host:150.171.28.10 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-e565a4fbf5cff09b:SESSION-e565a4fbf5cff09b | SESSION-e565a4fbf5cff09b β pe:tls:SESSION-e565a4fbf5cff09b |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:syn:SESSION-cbcc97483386b4f3:SESSION-cbcc97483386b4f3 | SESSION-cbcc97483386b4f3 β pe:syn:SESSION-cbcc97483386b4f3 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-cbcc97483386b4f3:host:192.168.1.185 | SESSION-cbcc97483386b4f3 β host:192.168.1.185 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-e86e0a049372cc85:flow:d84a13678d67 | SESSION-e86e0a049372cc85 β flow:d84a13678d67 |
| FLOW_TO_HOSTOBS | e:to:SESSION-04dc5a38b6cabcef:host:192.168.1.185 | SESSION-04dc5a38b6cabcef β host:192.168.1.185 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-e66fd8e05921da5d:host:192.168.1.185 | SESSION-e66fd8e05921da5d β host:192.168.1.185 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-dabcbf693ac9fbef:flow:ab2fda60ec38 | SESSION-dabcbf693ac9fbef β flow:ab2fda60ec38 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-1f115942b61afe54:host:192.168.1.185:host:192.73.244.245 | SESSION-1f115942b61afe54 β host:192.168.1.185 β host:192.73.244.245 |
| flow_observed4-aryOBS | e:fo:flow:481a8cb33c5b | flow:481a8cb33c5b β host:192.168.1.185 β host:192.168.1.1 β port:udp:5351 |
| HOST_IN_ASNOBS 85% | e:ha:host:76.76.21.22:asn:16509 | host:76.76.21.22 β asn:16509 |
| FLOW_TO_HOSTOBS | e:to:SESSION-fa034e5132aecf5b:host:13.107.226.57 | SESSION-fa034e5132aecf5b β host:13.107.226.57 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-858ec5d25a7b6232:host:97.178.32.239 | SESSION-858ec5d25a7b6232 β host:97.178.32.239 |
| FLOW_DST_PORTOBS | e:fp:flow:03d3562fa35f:port:udp:52243 | flow:03d3562fa35f β port:udp:52243 |
| FLOW_DST_PORTOBS | e:fp:flow:a3f08c1df1f5:port:tcp:443 | flow:a3f08c1df1f5 β port:tcp:443 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-858ec5d25a7b6232:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-858ec5d25a7b6232 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_FROM_HOSTOBS | e:from:SESSION-7b2b00e0ceb88c09:host:192.168.1.185 | SESSION-7b2b00e0ceb88c09 β host:192.168.1.185 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-bcd07bc8e00bd126:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-bcd07bc8e00bd126 β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_DST_PORTOBS | e:fp:flow:d479ce3b7365:port:tcp:54629 | flow:d479ce3b7365 β port:tcp:54629 |
| SESSION_OBSERVED_HOSTOBS | e:soh:SESSION-4cf06bd9f9c07bb4:host:192.168.1.185 | SESSION-4cf06bd9f9c07bb4 β host:192.168.1.185 |
| FLOW_TO_HOSTOBS | e:to:SESSION-c8f5f362e7c0c5c8:host:192.168.1.185 | SESSION-c8f5f362e7c0c5c8 β host:192.168.1.185 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-0e59fb5fe4c720df:flow:00f4e10d6ac7 | SESSION-0e59fb5fe4c720df β flow:00f4e10d6ac7 |
| FLOW_TO_HOSTOBS | e:to:SESSION-5419af02605f5da4:host:97.178.32.239 | SESSION-5419af02605f5da4 β host:97.178.32.239 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-cbcc97483386b4f3:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-cbcc97483386b4f3 β BSG-HORIZ_SCAN-cd2c52661c4b |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-9c845bfb2b534b59:SESSION-9c845bfb2b534b59 | SESSION-9c845bfb2b534b59 β pe:tls:SESSION-9c845bfb2b534b59 |
| SESSION_OBSERVED_FLOWOBS | e:sof:SESSION-9dab8edd40d14d9d:flow:f19ee6508782 | SESSION-9dab8edd40d14d9d β flow:f19ee6508782 |
| FLOW_TO_HOSTOBS | e:to:SESSION-06fade4febc8462c:host:104.18.23.222 | SESSION-06fade4febc8462c β host:104.18.23.222 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-5419af02605f5da4:host:192.168.1.185:host:97.178.32.239 | SESSION-5419af02605f5da4 β host:192.168.1.185 β host:97.178.32.239 |
| SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80% | e:bsg:SESSION-716de9787a03c45e:BSG-HORIZ_SCAN-cd2c52661c4b | SESSION-716de9787a03c45e β BSG-HORIZ_SCAN-cd2c52661c4b |
| FLOW_FROM_HOSTOBS | e:from:SESSION-741380b5a9a3a6c7:host:172.64.151.22 | SESSION-741380b5a9a3a6c7 β host:172.64.151.22 |
| FLOW_TO_HOSTOBS | e:to:SESSION-86bc6b9e53c222b0:host:23.219.160.5 | SESSION-86bc6b9e53c222b0 β host:23.219.160.5 |
| SESSION_DERIVED_FROM_PCAPOBS | e:derived:SESSION-1065a64ded6cc44c:PCAP:cap_05182026_430pmCST:aee251eecdd8 | SESSION-1065a64ded6cc44c β PCAP:cap_05182026_430pmCST:aee251eecdd8 |
| FLOW_DST_PORTOBS | e:fp:flow:05b4e5b174c0:port:tcp:54986 | flow:05b4e5b174c0 β port:tcp:54986 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-e53f703ab7b48a77:host:192.168.1.185:host:199.165.136.100 | SESSION-e53f703ab7b48a77 β host:192.168.1.185 β host:199.165.136.100 |
| FLOW_TO_HOSTOBS | e:to:SESSION-2014bf32e6dab59e:host:151.101.113.140 | SESSION-2014bf32e6dab59e β host:151.101.113.140 |
| flow_observed5-aryOBS | e:fo:flow:f3b81336df74 | flow:f3b81336df74 β host:192.168.1.185 β host:151.101.112.217 β port:tcp:443 β svc:https |
| FLOW_TO_HOSTOBS | e:to:SESSION-e25097cf84c7b988:host:97.178.32.239 | SESSION-e25097cf84c7b988 β host:97.178.32.239 |
| FLOW_TO_HOSTOBS | e:to:SESSION-200a1edeb5081c1b:host:192.168.1.185 | SESSION-200a1edeb5081c1b β host:192.168.1.185 |
| SESSION_CONTAINS_EVENTOBS | e:pe:pe:tls:SESSION-0e59fb5fe4c720df:SESSION-0e59fb5fe4c720df | SESSION-0e59fb5fe4c720df β pe:tls:SESSION-0e59fb5fe4c720df |
| flow_observed4-aryOBS | e:fo:flow:495f7c8d94fd | flow:495f7c8d94fd β host:209.177.156.94 β host:192.168.1.185 β port:tcp:43844 |
| SESSION_BETWEEN_HOSTS3-aryOBS | e:sbh:SESSION-65a9e51617aa2712:host:192.168.1.185:host:199.165.136.100 | SESSION-65a9e51617aa2712 β host:192.168.1.185 β host:199.165.136.100 |
| ASN_IN_ORGOBS 80% | e:ao:asn:14618:org:Amazon.com, Inc. | asn:14618 β org:Amazon.com, Inc. |