The hypergraph approach to network visualization<\/a> is a sophisticated way to manage the complexity of modern infrastructure, especially when correlating disparate data sources like Deep Packet Inspection (nDPI) and active scanning results (nmap).<\/p>\n\n\n\n While traditional graphs represent binary relationships (A connects to B), a hypergraph allows an edge to connect any number of vertices. In a network security or forensics context, this is exceptionally powerful because it mirrors the multi-dimensional nature of traffic:<\/p>\n\n\n\n The transition from standard relational maps to hypergraph visualizations represents a shift from “mapping connections” to “mapping context.” It is a robust way to bridge the gap between low-level packet data and high-level situational awareness.<\/p>\n\n\n\n April 23, 2026 | Ben Gilbert | Texas City The hypergraph approach to network visualization is a sophisticated way to manage the complexity of modern infrastructure, especially when correlating disparate data sources like Deep Packet Inspection (nDPI) and active scanning results (nmap). While traditional graphs represent binary relationships (A connects to B), a hypergraph allows… <\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"class_list":["post-5624","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages\/5624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5624"}],"version-history":[{"count":0,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages\/5624\/revisions"}],"wp:attachment":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
Potential Considerations for Implementation:<\/h3>\n\n\n\n
\n
\u2705 Ingested 1 PCAPs \u2192 19 sessions, 128 nodes, 261 edges\n\n1 PCAPs \u2022 19 sessions \u2022 11 hosts \u2022 11 \ud83c\udf0d geolocated\n\n\u25b6 \ud83d\udcc4 DevOpsPage_20260423_1021pmCST.pcap\n\n2.3 MB \u2022 19 sessions \u2022 TCP:15 UDP:4<\/code><\/pre>\n\n\n\nExpanded on April 24, 2025 <\/h4>\n\n\n\n
\u2705 Ingested 4 PCAPs \u2192 34 sessions, 184 nodes, 423 edges\n5 PCAPs \u2022 53 sessions \u2022 25 hosts \u2022 25 \ud83c\udf0d geolocated\n\u25b6 \ud83d\udcc4 DevOpsPage_20260423_1021pmCST.pcap\n2.3 MB \u2022 19 sessions \u2022 TCP:15 UDP:4\n\u25b6 \ud83d\udcc4 capture_20260424140001.pcap\n9.7 KB \u2022 8 sessions \u2022 UDP:3 TCP:3 ICMP:2\n\u25b6 \ud83d\udcc4 capture_20260424150002.pcap\n48.5 KB \u2022 13 sessions \u2022 ICMP:3 TCP:7 UDP:3\n\u25b6 \ud83d\udcc4 capture_20260424160001.pcap\n11.1 KB \u2022 11 sessions \u2022 ICMP:2 TCP:6 UDP:3\n\u25b6 \ud83d\udcc4 capture_20260424170001.pcap\n1.6 KB \u2022 2 sessions \u2022 UDP:2<\/code><\/pre>\n\n\n\nKind<\/th> ID<\/th> Labels<\/th> Position<\/th><\/tr><\/thead> asn<\/td> asn:714<\/td> asn=714, org=Apple Inc.<\/td> <\/td><\/tr> asn<\/td> asn:197540<\/td> asn=197,540, org=netcup GmbH<\/td> <\/td><\/tr> asn<\/td> asn:45102<\/td> asn=45,102, org=Alibaba US Technology Co., Ltd.<\/td> <\/td><\/tr> asn<\/td> asn:13414<\/td> asn=13,414, org=Twitter Inc.<\/td> <\/td><\/tr> asn<\/td> asn:47890<\/td> asn=47,890, org=Unmanaged Ltd<\/td> <\/td><\/tr> asn<\/td> asn:202306<\/td> asn=202,306, org=Hostglobal.plus Ltd<\/td> <\/td><\/tr> asn<\/td> asn:4766<\/td> asn=4,766, org=Korea Telecom<\/td> <\/td><\/tr> asn<\/td> asn:138915<\/td> asn=138,915, org=Kaopu Cloud HK Limited<\/td> <\/td><\/tr> asn<\/td> asn:6167<\/td> asn=6,167, org=Verizon Business<\/td> <\/td><\/tr> asn<\/td> asn:24940<\/td> asn=24,940, org=Hetzner Online GmbH<\/td> <\/td><\/tr> asn<\/td> asn:136958<\/td> asn=136,958, org=China Unicom Guangdong IP network<\/td> <\/td><\/tr> asn<\/td> asn:396982<\/td> asn=396,982, org=Google LLC<\/td> <\/td><\/tr> asn<\/td> asn:132203<\/td> asn=132,203, org=Tencent Building, Kejizhongyi Avenue<\/td> <\/td><\/tr> asn<\/td> asn:63949<\/td> asn=63,949, org=Akamai Connected Cloud<\/td> <\/td><\/tr> asn<\/td> asn:11878<\/td> asn=11,878, org=tzulo, inc.<\/td> <\/td><\/tr> asn<\/td> asn:8075<\/td> asn=8,075, org=Microsoft Corporation<\/td> <\/td><\/tr> asn<\/td> asn:4<\/td> asn=4, org=University of Southern California<\/td> <\/td><\/tr> behavior_group<\/td> BSG-DATA_EXFIL-c45ebda152e5<\/td> behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=134913; large_volume (\u2265100KB); high_rate (177517 B\/s), dst_ip=, member_count=1, src_ip=199.16.157.181, summary=Exfil suspect: 199.16.157.181 \u2192 1 destinations, 134,913B total, max 134,913B\/session, total_bytes=134,913, total_packets=132, unique_hosts=1, unique_ports=0<\/td> <\/td><\/tr> behavior_group<\/td> BSG-BEACON-f6c2b3d0e42d<\/td> behavior=BEACON, confidence=0.75, detection_rationale=byte_cv=0.08 (\u22640.6); count=15, dst_ip=172.232.0.17, dst_port=53, interval_cv=2.778, mean_interval=3,499.3, member_count=15, src_ip=172.234.197.23, summary=Beacon: 172.234.197.23 \u2192 172.232.0.17:53, 15 sessions, interval CV=2.78, mean 284B, total_bytes=4,262, total_packets=30, unique_hosts=0, unique_ports=0<\/td> <\/td><\/tr> behavior_group<\/td> BSG-DATA_EXFIL-012d574517f4<\/td> behavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=19222, dst_ip=, member_count=1, src_ip=172.234.197.23, summary=Exfil suspect: 172.234.197.23 \u2192 1 destinations, 19,222B total, max 19,222B\/session, total_bytes=19,222, total_packets=223, unique_hosts=1, unique_ports=0<\/td> <\/td><\/tr> behavior_group<\/td> BSG-DATA_EXFIL-6dd8484f3944<\/td> behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=132030; large_volume (\u2265100KB); high_rate (145088 B\/s), dst_ip=, member_count=1, src_ip=144.76.23.47, summary=Exfil suspect: 144.76.23.47 \u2192 1 destinations, 132,030B total, max 132,030B\/session, total_bytes=132,030, total_packets=117, unique_hosts=1, unique_ports=0<\/td> <\/td><\/tr> behavior_group<\/td> BSG-DATA_EXFIL-0b1600805959<\/td> behavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=35346, dst_ip=, member_count=1, src_ip=43.135.145.73, summary=Exfil suspect: 43.135.145.73 \u2192 1 destinations, 35,346B total, max 35,346B\/session, total_bytes=35,346, total_packets=49, unique_hosts=1, unique_ports=0<\/td> <\/td><\/tr> behavior_group<\/td> BSG-DATA_EXFIL-e6f479c60e03<\/td> behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=135310; large_volume (\u2265100KB); high_rate (169138 B\/s), dst_ip=, member_count=1, src_ip=199.16.157.183, summary=Exfil suspect: 199.16.157.183 \u2192 1 destinations, 135,310B total, max 135,310B\/session, total_bytes=135,310, total_packets=138, unique_hosts=1, unique_ports=0<\/td> <\/td><\/tr> behavior_group<\/td> BSG-DATA_EXFIL-f0f719b48579<\/td> behavior=DATA_EXFIL, confidence=0.65, detection_rationale=total_bytes=33059; high_rate (103309 B\/s), dst_ip=, member_count=1, src_ip=66.228.53.204, summary=Exfil suspect: 66.228.53.204 \u2192 1 destinations, 33,059B total, max 33,059B\/session, total_bytes=33,059, total_packets=39, unique_hosts=1, unique_ports=0<\/td> <\/td><\/tr> behavior_group<\/td> BSG-DATA_EXFIL-58becbf84c75<\/td> behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=1644041; large_volume (\u2265100KB); high_rate (202219 B\/s), dst_ip=, member_count=1, src_ip=97.139.12.85, summary=Exfil suspect: 97.139.12.85 \u2192 1 destinations, 1,644,041B total, max 1,644,041B\/session, total_bytes=1,644,041, total_packets=1,245, unique_hosts=1, unique_ports=0<\/td> <\/td><\/tr> behavior_group<\/td> BSG-DATA_EXFIL-ba0a9ef14e5d<\/td> behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=135474; large_volume (\u2265100KB); high_rate (301053 B\/s), dst_ip=, member_count=1, src_ip=17.22.237.22, summary=Exfil suspect: 17.22.237.22 \u2192 1 destinations, 135,474B total, max 135,474B\/session, total_bytes=135,474, total_packets=135, unique_hosts=1, unique_ports=0<\/td> <\/td><\/tr> behavior_group<\/td> BSG-DATA_EXFIL-c24d7cb3a7e4<\/td> behavior=DATA_EXFIL, confidence=0.85, detection_rationale=total_bytes=135336; large_volume (\u2265100KB); high_rate (171311 B\/s), dst_ip=, member_count=1, src_ip=199.16.157.182, summary=Exfil suspect: 199.16.157.182 \u2192 1 destinations, 135,336B total, max 135,336B\/session, total_bytes=135,336, total_packets=138, unique_hosts=1, unique_ports=0<\/td> <\/td><\/tr> dns_name<\/td> dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td> answer_count=0, qname=172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td> <\/td><\/tr> dns_name<\/td> dns:172-234-197-23.ip.linodeusercontent.com<\/td> answer_count=1, qname=172-234-197-23.ip.linodeusercontent.com<\/td> <\/td><\/tr> flow<\/td> flow:c63542b74c29<\/td> bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:0d727e2708b4<\/td> bytes=135,336, dst_ip=172.234.197.23, dst_port=443, pkts=138, proto=tcp, src_ip=199.16.157.182<\/td> <\/td><\/tr> flow<\/td> flow:88006e5933e9<\/td> bytes=236, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:d3ab3699f29d<\/td> bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:53418f626ce5<\/td> bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:5091dda9661a<\/td> bytes=328, dst_ip=2.57.122.192, dst_port=0, pkts=4, proto=icmp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:da7065edff23<\/td> bytes=5,325, dst_ip=172.234.197.23, dst_port=443, pkts=20, proto=tcp, src_ip=144.76.23.47<\/td> <\/td><\/tr> flow<\/td> flow:c37aaecdcc9a<\/td> bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:67799a4b0206<\/td> bytes=361, dst_ip=172.234.197.23, dst_port=443, pkts=5, proto=tcp, src_ip=199.16.157.182<\/td> <\/td><\/tr> flow<\/td> flow:d4998ce3363c<\/td> bytes=688, dst_ip=2.57.122.192, dst_port=15,596, pkts=8, proto=tcp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:c4e6a453e687<\/td> bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:42f1c8ab98a8<\/td> bytes=1,522, dst_ip=172.234.197.23, dst_port=80, pkts=12, proto=tcp, src_ip=78.153.140.148<\/td> <\/td><\/tr> flow<\/td> flow:2759e86a7e02<\/td> bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:8f3f3aa1ab4a<\/td> bytes=292, dst_ip=2.57.122.196, dst_port=25,682, pkts=4, proto=tcp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:0a764492b76b<\/td> bytes=112, dst_ip=172.234.197.23, dst_port=10,006, pkts=2, proto=tcp, src_ip=45.79.109.130<\/td> <\/td><\/tr> flow<\/td> flow:a46be0b84889<\/td> bytes=132,030, dst_ip=172.234.197.23, dst_port=443, pkts=117, proto=tcp, src_ip=144.76.23.47<\/td> <\/td><\/tr> flow<\/td> flow:93cba7dfff64<\/td> bytes=134,913, dst_ip=172.234.197.23, dst_port=443, pkts=132, proto=tcp, src_ip=199.16.157.181<\/td> <\/td><\/tr> flow<\/td> flow:e426dc2add72<\/td> bytes=518, dst_ip=92.118.39.236, dst_port=3,210, pkts=5, proto=tcp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:81b8ace9a2e6<\/td> bytes=340, dst_ip=2.57.122.192, dst_port=0, pkts=4, proto=icmp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:99a9f8b7c5b3<\/td> bytes=186, dst_ip=172.234.197.23, dst_port=443, pkts=3, proto=tcp, src_ip=40.119.32.47<\/td> <\/td><\/tr> flow<\/td> flow:66bb27cf4c04<\/td> bytes=361, dst_ip=172.234.197.23, dst_port=443, pkts=5, proto=tcp, src_ip=199.16.157.183<\/td> <\/td><\/tr> flow<\/td> flow:991e601541a1<\/td> bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:2c6c48655616<\/td> bytes=1,929, dst_ip=172.234.197.23, dst_port=443, pkts=9, proto=tcp, src_ip=97.139.12.85<\/td> <\/td><\/tr> flow<\/td> flow:0cab2ce4a41a<\/td> bytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117<\/td> <\/td><\/tr> flow<\/td> flow:6ac8bc7ce374<\/td> bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:b9c87c3e6634<\/td> bytes=5,896, dst_ip=172.234.197.23, dst_port=22, pkts=31, proto=tcp, src_ip=92.118.39.236<\/td> <\/td><\/tr> flow<\/td> flow:3c416f42759a<\/td> bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:5e470028e46b<\/td> bytes=172, dst_ip=59.6.77.80, dst_port=42,622, pkts=2, proto=tcp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:af46c51682fe<\/td> bytes=1,308, dst_ip=172.234.197.23, dst_port=80, pkts=10, proto=tcp, src_ip=78.153.140.148<\/td> <\/td><\/tr> flow<\/td> flow:1eaa2c354bb9<\/td> bytes=116, dst_ip=172.234.197.23, dst_port=5,432, pkts=2, proto=tcp, src_ip=35.233.68.173<\/td> <\/td><\/tr> flow<\/td> flow:d5c7343ffad3<\/td> bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:236e160bf97b<\/td> bytes=6,414, dst_ip=172.234.197.23, dst_port=22, pkts=36, proto=tcp, src_ip=92.118.39.197<\/td> <\/td><\/tr> flow<\/td> flow:f834d92b87f4<\/td> bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:958f77dbf2ff<\/td> bytes=1,644,041, dst_ip=172.234.197.23, dst_port=443, pkts=1,245, proto=tcp, src_ip=97.139.12.85<\/td> <\/td><\/tr> flow<\/td> flow:f268f9985c23<\/td> bytes=236, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:43d87d43ebf2<\/td> bytes=172, dst_ip=59.6.77.80, dst_port=42,622, pkts=2, proto=tcp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:ffb24c296a2c<\/td> bytes=92, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=128.9.29.131<\/td> <\/td><\/tr> flow<\/td> flow:6485c04b666a<\/td> bytes=629, dst_ip=172.234.197.23, dst_port=22, pkts=9, proto=tcp, src_ip=8.222.219.23<\/td> <\/td><\/tr> flow<\/td> flow:4a465ec75db9<\/td> bytes=1,257, dst_ip=172.234.197.23, dst_port=80, pkts=10, proto=tcp, src_ip=66.228.53.204<\/td> <\/td><\/tr> flow<\/td> flow:743cca931674<\/td> bytes=6,930, dst_ip=172.234.197.23, dst_port=22, pkts=42, proto=tcp, src_ip=2.57.122.192<\/td> <\/td><\/tr> flow<\/td> flow:c8a7ee2a5fe9<\/td> bytes=164, dst_ip=2.57.122.196, dst_port=0, pkts=2, proto=icmp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:e62070b6aeb6<\/td> bytes=33,059, dst_ip=172.234.197.23, dst_port=443, pkts=39, proto=tcp, src_ip=66.228.53.204<\/td> <\/td><\/tr> flow<\/td> flow:4cb79ca168a0<\/td> bytes=135,474, dst_ip=172.234.197.23, dst_port=443, pkts=135, proto=tcp, src_ip=17.22.237.22<\/td> <\/td><\/tr> flow<\/td> flow:6f0c0a999555<\/td> bytes=19,222, dst_ip=97.139.12.85, dst_port=60,136, pkts=223, proto=tcp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:4eaa609c2624<\/td> bytes=35,346, dst_ip=172.234.197.23, dst_port=443, pkts=49, proto=tcp, src_ip=43.135.145.73<\/td> <\/td><\/tr> flow<\/td> flow:9b1def7bdac1<\/td> bytes=132, dst_ip=23.234.69.80, dst_port=18,249, pkts=2, proto=tcp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:fbf83df1b6b6<\/td> bytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117<\/td> <\/td><\/tr> flow<\/td> flow:b8c49dd508ec<\/td> bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:9f56a1b92a85<\/td> bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23<\/td> <\/td><\/tr> flow<\/td> flow:10959da4f2fa<\/td> bytes=361, dst_ip=172.234.197.23, dst_port=443, pkts=5, proto=tcp, src_ip=199.16.157.181<\/td> <\/td><\/tr> flow<\/td> flow:c51bf5b097ea<\/td> bytes=135,310, dst_ip=172.234.197.23, dst_port=443, pkts=138, proto=tcp, src_ip=199.16.157.183<\/td> <\/td><\/tr> flow<\/td> flow:28bd443b2c5e<\/td> bytes=3,858, dst_ip=172.234.197.23, dst_port=443, pkts=15, proto=tcp, src_ip=46.38.236.138<\/td> <\/td><\/tr> flow<\/td> flow:4fa77a1ba33a<\/td> bytes=100, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=58.254.182.115<\/td> <\/td><\/tr> geo_point<\/td> geo_49.44230_11.01910<\/td> city=Nuremberg, country=DE<\/td> [49.4423, 11.0191, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_39.73910_-104.98660<\/td> city=Denver, country=US<\/td> [39.7391, -104.9866, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_50.85340_4.34700<\/td> city=Brussels, country=BE<\/td> [50.8534, 4.3470, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_33.99240_-118.39910<\/td> city=Culver City, country=US<\/td> [33.9924, -118.3991, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_37.56250_-122.00040<\/td> city=Fremont, country=US<\/td> [37.5625, -122.0004, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_1.29390_103.84610<\/td> city=Singapore, country=SG<\/td> [1.2939, 103.8461, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_45.99680_24.99700<\/td> city=, country=RO<\/td> [45.9968, 24.9970, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_1.36670_103.80000<\/td> city=, country=SG<\/td> [1.3667, 103.8000, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_29.81190_-95.52070<\/td> city=Houston, country=US<\/td> [29.8119, -95.5207, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_51.51640_-0.09300<\/td> city=City of London, country=GB<\/td> [51.5164, -0.0930, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_29.42270_-98.49270<\/td> city=San Antonio, country=US<\/td> [29.4227, -98.4927, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_37.54150_127.02520<\/td> city=Seongdong-gu, country=KR<\/td> [37.5415, 127.0252, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_33.76970_-84.37540<\/td> city=Atlanta, country=US<\/td> [33.7697, -84.3754, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_22.77850_115.34520<\/td> city=Shanwei, country=CN<\/td> [22.7785, 115.3452, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_37.75100_-97.82200<\/td> city=, country=US<\/td> [37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_50.47770_12.36490<\/td> city=Falkenstein, country=DE<\/td> [50.4777, 12.3649, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_37.35300_-121.95440<\/td> city=Santa Clara, country=US<\/td> [37.3530, -121.9544, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_32.94730_-96.70280<\/td> city=Richardson, country=US<\/td> [32.9473, -96.7028, 0.0000] \ud83c\udf10<\/td><\/tr> geo_point<\/td> geo_41.88350_-87.63050<\/td> city=Chicago, country=US<\/td> [41.8835, -87.6305, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:199.16.157.183<\/td> bytes=135,310, city=Atlanta, country=US, ip=199.16.157.183, org=Twitter Inc.<\/td> [33.7697, -84.3754, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:46.38.236.138<\/td> bytes=3,858, city=Nuremberg, country=DE, ip=46.38.236.138, org=netcup GmbH<\/td> [49.4423, 11.0191, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:97.139.12.85<\/td> bytes=19,222, city=Houston, country=US, ip=97.139.12.85, org=Verizon Business<\/td> [29.8119, -95.5207, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:92.118.39.197<\/td> bytes=6,414, city=, country=RO, ip=92.118.39.197, org=Unmanaged Ltd<\/td> [45.9968, 24.9970, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:78.153.140.148<\/td> bytes=1,308, city=City of London, country=GB, ip=78.153.140.148, org=Hostglobal.plus Ltd<\/td> [51.5164, -0.0930, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:2.57.122.196<\/td> bytes=164, city=, country=RO, ip=2.57.122.196, org=Unmanaged Ltd<\/td> [45.9968, 24.9970, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:2.57.122.192<\/td> bytes=340, city=, country=RO, ip=2.57.122.192, org=Unmanaged Ltd<\/td> [45.9968, 24.9970, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:23.234.69.80<\/td> bytes=132, city=Denver, country=US, ip=23.234.69.80, org=tzulo, inc.<\/td> [39.7391, -104.9866, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:58.254.182.115<\/td> bytes=100, city=Shanwei, country=CN, ip=58.254.182.115, org=China Unicom Guangdong IP network<\/td> [22.7785, 115.3452, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:144.76.23.47<\/td> bytes=132,030, city=Falkenstein, country=DE, ip=144.76.23.47, org=Hetzner Online GmbH<\/td> [50.4777, 12.3649, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:172.232.0.17<\/td> bytes=313, city=Chicago, country=US, ip=172.232.0.17, org=Akamai Connected Cloud<\/td> [41.8835, -87.6305, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:8.222.219.23<\/td> bytes=629, city=, country=SG, ip=8.222.219.23, org=Alibaba US Technology Co., Ltd.<\/td> [1.3667, 103.8000, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:59.6.77.80<\/td> bytes=172, city=Seongdong-gu, country=KR, ip=59.6.77.80, org=Korea Telecom<\/td> [37.5415, 127.0252, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:17.22.237.22<\/td> bytes=135,474, city=, country=US, ip=17.22.237.22, org=Apple Inc.<\/td> [37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:199.16.157.182<\/td> bytes=135,336, city=Atlanta, country=US, ip=199.16.157.182, org=Twitter Inc.<\/td> [33.7697, -84.3754, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:35.233.68.173<\/td> bytes=116, city=Brussels, country=BE, ip=35.233.68.173, org=Google LLC<\/td> [50.8534, 4.3470, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:45.79.109.130<\/td> bytes=112, city=Fremont, country=US, ip=45.79.109.130, org=Akamai Connected Cloud<\/td> [37.5625, -122.0004, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:92.118.39.236<\/td> bytes=5,896, city=, country=RO, ip=92.118.39.236, org=Unmanaged Ltd<\/td> [45.9968, 24.9970, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:43.135.145.73<\/td> bytes=35,346, city=Santa Clara, country=US, ip=43.135.145.73, org=Tencent Building, Kejizhongyi Avenue<\/td> [37.3530, -121.9544, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:128.9.29.131<\/td> bytes=92, city=Culver City, country=US, ip=128.9.29.131, org=University of Southern California<\/td> [33.9924, -118.3991, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:103.155.16.117<\/td> bytes=84, city=Singapore, country=SG, ip=103.155.16.117, org=Kaopu Cloud HK Limited<\/td> [1.2939, 103.8461, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:40.119.32.47<\/td> bytes=186, city=San Antonio, country=US, ip=40.119.32.47, org=Microsoft Corporation<\/td> [29.4227, -98.4927, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:172.234.197.23<\/td> bytes=313, city=Chicago, country=US, ip=172.234.197.23, org=Akamai Connected Cloud<\/td> [41.8835, -87.6305, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:199.16.157.181<\/td> bytes=134,913, city=Atlanta, country=US, ip=199.16.157.181, org=Twitter Inc.<\/td> [33.7697, -84.3754, 0.0000] \ud83c\udf10<\/td><\/tr> host<\/td> host:66.228.53.204<\/td> bytes=1,257, city=Richardson, country=US, ip=66.228.53.204, org=Akamai Connected Cloud<\/td> [32.9473, -96.7028, 0.0000] \ud83c\udf10<\/td><\/tr> http_host<\/td> http_host:172.234.197.23<\/td> host=172.234.197.23<\/td> <\/td><\/tr> org<\/td> org:Alibaba US Technology Co., Ltd.<\/td> name=Alibaba US Technology Co., Ltd.<\/td> <\/td><\/tr> org<\/td> org:University of Southern California<\/td> name=University of Southern California<\/td> <\/td><\/tr> org<\/td> org:Unmanaged Ltd<\/td> name=Unmanaged Ltd<\/td> <\/td><\/tr> org<\/td> org:Akamai Connected Cloud<\/td> name=Akamai Connected Cloud<\/td> <\/td><\/tr> org<\/td> org:Microsoft Corporation<\/td> name=Microsoft Corporation<\/td> <\/td><\/tr> org<\/td> org:China Unicom Guangdong IP network<\/td> name=China Unicom Guangdong IP network<\/td> <\/td><\/tr> org<\/td> org:Twitter Inc.<\/td> name=Twitter Inc.<\/td> <\/td><\/tr> org<\/td> org:Tencent Building, Kejizhongyi Avenue<\/td> name=Tencent Building, Kejizhongyi Avenue<\/td> <\/td><\/tr> org<\/td> org:Hostglobal.plus Ltd<\/td> name=Hostglobal.plus Ltd<\/td> <\/td><\/tr> org<\/td> org:Kaopu Cloud HK Limited<\/td> name=Kaopu Cloud HK Limited<\/td> <\/td><\/tr> org<\/td> org:Korea Telecom<\/td> name=Korea Telecom<\/td> <\/td><\/tr> org<\/td> org:Google LLC<\/td> name=Google LLC<\/td> <\/td><\/tr> org<\/td> org:Hetzner Online GmbH<\/td> name=Hetzner Online GmbH<\/td> <\/td><\/tr> org<\/td> org:Verizon Business<\/td> name=Verizon Business<\/td> <\/td><\/tr> org<\/td> org:Apple Inc.<\/td> name=Apple Inc.<\/td> <\/td><\/tr> org<\/td> org:netcup GmbH<\/td> name=netcup GmbH<\/td> <\/td><\/tr> org<\/td> org:tzulo, inc.<\/td> name=tzulo, inc.<\/td> <\/td><\/tr> pcap_artifact<\/td> PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> file_size=2,422,088, filename=DevOpsPage_20260423_1021pmCST.pcap, ingested_at=2026-04-24T03:28:32.249831+00:00<\/td> <\/td><\/tr> pcap_artifact<\/td> PCAP:capture_20260424160001:21dcec78926d<\/td> file_size=11,338, filename=capture_20260424160001.pcap, ingested_at=2026-04-24T17:52:47.023817+00:00<\/td> <\/td><\/tr> pcap_artifact<\/td> PCAP:capture_20260424170001:2a81081d173e<\/td> file_size=1,629, filename=capture_20260424170001.pcap, ingested_at=2026-04-24T17:52:49.492128+00:00<\/td> <\/td><\/tr> pcap_artifact<\/td> PCAP:capture_20260424150002:9b7ba46ff54d<\/td> file_size=49,665, filename=capture_20260424150002.pcap, ingested_at=2026-04-24T17:52:44.182060+00:00<\/td> <\/td><\/tr> pcap_artifact<\/td> PCAP:capture_20260424140001:b547b7157000<\/td> file_size=9,907, filename=capture_20260424140001.pcap, ingested_at=2026-04-24T17:52:41.883356+00:00<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:443<\/td> port=443, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:15596<\/td> port=15,596, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:42622<\/td> port=42,622, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:60136<\/td> port=60,136, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:22<\/td> port=22, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:18249<\/td> port=18,249, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:5432<\/td> port=5,432, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:udp:53<\/td> port=53, proto=udp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:3210<\/td> port=3,210, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:10006<\/td> port=10,006, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:25682<\/td> port=25,682, proto=tcp<\/td> <\/td><\/tr> port_hub<\/td> port:tcp:80<\/td> port=80, proto=tcp<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-c365d629ce285be9<\/td> event_type=TLS_SESSION, packet_count=5, session=SESSION-c365d629ce285be9<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-dbe1edd4efb49468<\/td> count=2, event_type=TCP_SYN, session=SESSION-dbe1edd4efb49468<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-801986a05f874d44<\/td> count=2, event_type=TCP_SYN, session=SESSION-801986a05f874d44<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-fc3f949cbddefabd<\/td> count=4, event_type=TCP_RST, session=SESSION-fc3f949cbddefabd<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-801986a05f874d44<\/td> event_type=TLS_SESSION, packet_count=39, session=SESSION-801986a05f874d44<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-132c0a35e55eb362<\/td> count=2, event_type=TCP_SYN, session=SESSION-132c0a35e55eb362<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-b6bccd19e88cac02<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-b6bccd19e88cac02<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-df0521ee237a9620<\/td> event_type=TLS_SESSION, packet_count=9, session=SESSION-df0521ee237a9620<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-32c3b80c2cc69cbc<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-32c3b80c2cc69cbc<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-6b6584907add35ca<\/td> event_type=TLS_SESSION, packet_count=49, session=SESSION-6b6584907add35ca<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-e5b926505913cd4c<\/td> count=2, event_type=TCP_SYN, session=SESSION-e5b926505913cd4c<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-d2ebf88e7456c490<\/td> count=2, event_type=TCP_SYN, session=SESSION-d2ebf88e7456c490<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-0938448bdcbd9d9c<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-0938448bdcbd9d9c<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-01a793e8041caae3<\/td> count=2, event_type=TCP_SYN, session=SESSION-01a793e8041caae3<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-2b16ad2cc059d584<\/td> count=2, event_type=TCP_SYN, session=SESSION-2b16ad2cc059d584<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-6b6584907add35ca<\/td> count=2, event_type=TCP_SYN, session=SESSION-6b6584907add35ca<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-7b48e5e7105113e9<\/td> count=2, event_type=TCP_SYN, session=SESSION-7b48e5e7105113e9<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-43328f9b50a5d423<\/td> event_type=TLS_SESSION, packet_count=3, session=SESSION-43328f9b50a5d423<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-f952d347444430eb<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-f952d347444430eb<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-07867b4b46fa60d0<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-07867b4b46fa60d0<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-e15010a8a1e57ef1<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-e15010a8a1e57ef1<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-01a793e8041caae3<\/td> event_type=TLS_SESSION, packet_count=117, session=SESSION-01a793e8041caae3<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-bd11a50065a6cb7c<\/td> event_type=TLS_SESSION, packet_count=20, session=SESSION-bd11a50065a6cb7c<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-43328f9b50a5d423<\/td> count=1, event_type=TCP_RST, session=SESSION-43328f9b50a5d423<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-137907a1c322972d<\/td> count=1, event_type=TCP_RST, session=SESSION-137907a1c322972d<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-f8e62b0ad557062a<\/td> event_type=TLS_SESSION, packet_count=5, session=SESSION-f8e62b0ad557062a<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-fb43e37656185293<\/td> count=2, event_type=TCP_RST, session=SESSION-fb43e37656185293<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-5ae5c17cec58f583<\/td> event_type=TLS_SESSION, packet_count=1,245, session=SESSION-5ae5c17cec58f583<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-a61d2aadfc894ab0<\/td> count=1, event_type=TCP_RST, session=SESSION-a61d2aadfc894ab0<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-d2ebf88e7456c490<\/td> count=1, event_type=TCP_RST, session=SESSION-d2ebf88e7456c490<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-ae4f295d1d4cff7e<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-ae4f295d1d4cff7e<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-8a981e11d869c723<\/td> event_type=TLS_SESSION, packet_count=5, session=SESSION-8a981e11d869c723<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-c52a62f7c65f2e1a<\/td> event_type=TLS_SESSION, packet_count=15, session=SESSION-c52a62f7c65f2e1a<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-e9f4a4a9c8d0d99f<\/td> event_type=TLS_SESSION, packet_count=138, session=SESSION-e9f4a4a9c8d0d99f<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-fc3f949cbddefabd<\/td> count=2, event_type=TCP_SYN, session=SESSION-fc3f949cbddefabd<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-c13e61513d1b018d<\/td> count=2, event_type=TCP_SYN, session=SESSION-c13e61513d1b018d<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-5f6379841834a338<\/td> count=4, event_type=TCP_RST, session=SESSION-5f6379841834a338<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-bd11a50065a6cb7c<\/td> count=2, event_type=TCP_RST, session=SESSION-bd11a50065a6cb7c<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-5b6e402ee019b6c1<\/td> count=1, event_type=TCP_RST, session=SESSION-5b6e402ee019b6c1<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-4efa693f129e7ca6<\/td> count=2, event_type=TCP_SYN, session=SESSION-4efa693f129e7ca6<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-03ccec65d79829da<\/td> count=2, event_type=TCP_SYN, session=SESSION-03ccec65d79829da<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-dd03efe0b367bd0d<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-dd03efe0b367bd0d<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-124f188fc662f45b<\/td> event_type=TLS_SESSION, packet_count=138, session=SESSION-124f188fc662f45b<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-7b48e5e7105113e9<\/td> event_type=TLS_SESSION, packet_count=132, session=SESSION-7b48e5e7105113e9<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-c52a62f7c65f2e1a<\/td> count=2, event_type=TCP_SYN, session=SESSION-c52a62f7c65f2e1a<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-5846cd006f1eacb7<\/td> count=1, event_type=TCP_RST, session=SESSION-5846cd006f1eacb7<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-47d044a3990fe914<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-47d044a3990fe914<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-fe2be36828e6c4a2<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-fe2be36828e6c4a2<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-e9f4a4a9c8d0d99f<\/td> count=2, event_type=TCP_SYN, session=SESSION-e9f4a4a9c8d0d99f<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-01a793e8041caae3<\/td> count=2, event_type=TCP_RST, session=SESSION-01a793e8041caae3<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-e7ac586ca0d0ef0f<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-e7ac586ca0d0ef0f<\/td> <\/td><\/tr> protocol_event<\/td> pe:tls:SESSION-2b16ad2cc059d584<\/td> event_type=TLS_SESSION, packet_count=135, session=SESSION-2b16ad2cc059d584<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-124f188fc662f45b<\/td> count=2, event_type=TCP_SYN, session=SESSION-124f188fc662f45b<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-2f842951575bb476<\/td> count=2, event_type=TCP_SYN, session=SESSION-2f842951575bb476<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-bd11a50065a6cb7c<\/td> count=2, event_type=TCP_SYN, session=SESSION-bd11a50065a6cb7c<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-7f4ca9b0d8673927<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-7f4ca9b0d8673927<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-5846cd006f1eacb7<\/td> count=1, event_type=TCP_SYN, session=SESSION-5846cd006f1eacb7<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-2d3d727470c1d931<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-2d3d727470c1d931<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-03ccec65d79829da<\/td> count=2, event_type=TCP_RST, session=SESSION-03ccec65d79829da<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-bcd7e2d1fd452ee5<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-bcd7e2d1fd452ee5<\/td> <\/td><\/tr> protocol_event<\/td> pe:dns:SESSION-72c3b3d3b2889ec2<\/td> event_type=DNS_EXCHANGE, query_count=2, session=SESSION-72c3b3d3b2889ec2<\/td> <\/td><\/tr> protocol_event<\/td> pe:syn:SESSION-43328f9b50a5d423<\/td> count=2, event_type=TCP_SYN, session=SESSION-43328f9b50a5d423<\/td> <\/td><\/tr> protocol_event<\/td> pe:rst:SESSION-6b6584907add35ca<\/td> count=2, event_type=TCP_RST, session=SESSION-6b6584907add35ca<\/td> <\/td><\/tr> service<\/td> svc:https<\/td> name=https<\/td> <\/td><\/tr> service<\/td> svc:postgres<\/td> name=postgres<\/td> <\/td><\/tr> service<\/td> svc:ssh<\/td> name=ssh<\/td> <\/td><\/tr> service<\/td> svc:http<\/td> name=http<\/td> <\/td><\/tr> service<\/td> svc:dns<\/td> name=dns<\/td> <\/td><\/tr> session<\/td> SESSION-fe2be36828e6c4a2<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0.07, end_time=1,777,046,401.879, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=32,873, start_time=1,777,046,401.806, tcp_flags=, time_bucket=1,777,046,400, total_bytes=282, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-d2ebf88e7456c490<\/td> dst_ip=172.234.197.23, dst_port=22, duration_sec=13.93, end_time=1,777,046,420.278, expected_protocol=ssh, packet_count=36, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=92.118.39.197, src_port=24,330, start_time=1,777,046,406.352, tcp_flags=S,R,A,P, time_bucket=1,777,046,400, total_bytes=6,414, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-4efa693f129e7ca6<\/td> dst_ip=172.234.197.23, dst_port=80, duration_sec=0.37, end_time=1,777,042,846.646, expected_protocol=http, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=66.228.53.204, src_port=45,210, start_time=1,777,042,846.28, tcp_flags=F,S,A,P, time_bucket=1,777,042,830, total_bytes=1,257, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-8b6b3bfbd3509f3d<\/td> dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,046,408.254, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,777,046,408.254, tcp_flags=, time_bucket=1,777,046,400, total_bytes=84, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-32c3b80c2cc69cbc<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0.01, end_time=1,777,001,016.747, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=50,382, start_time=1,777,001,016.738, tcp_flags=, time_bucket=1,777,001,010, total_bytes=282, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-fb43e37656185293<\/td> dst_ip=2.57.122.196, dst_port=25,682, duration_sec=11.92, end_time=1,777,046,416.056, expected_protocol=unregistered:25682, packet_count=4, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,046,404.138, tcp_flags=F,A,R,P, time_bucket=1,777,046,400, total_bytes=292, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-bcd7e2d1fd452ee5<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,039,201.305, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=41,260, start_time=1,777,039,201.303, tcp_flags=, time_bucket=1,777,039,200, total_bytes=282, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-137907a1c322972d<\/td> dst_ip=59.6.77.80, dst_port=42,622, duration_sec=0.18, end_time=1,777,046,407.387, expected_protocol=unregistered:42622, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,046,407.21, tcp_flags=A,R,P, time_bucket=1,777,046,400, total_bytes=172, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-bd11a50065a6cb7c<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.64, end_time=1,777,001,062.142, expected_protocol=https, packet_count=20, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=144.76.23.47, src_port=35,182, start_time=1,777,001,061.501, tcp_flags=S,P,R,A,F, time_bucket=1,777,001,040, total_bytes=5,325, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-5f6379841834a338<\/td> dst_ip=2.57.122.192, dst_port=15,596, duration_sec=19.71, end_time=1,777,042,849.963, expected_protocol=unregistered:15596, packet_count=8, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,042,830.25, tcp_flags=A,R,P, time_bucket=1,777,042,830, total_bytes=688, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-2b16ad2cc059d584<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.45, end_time=1,777,001,066.756, expected_protocol=https, packet_count=135, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=17.22.237.22, src_port=58,880, start_time=1,777,001,066.309, tcp_flags=S,A,P, time_bucket=1,777,001,040, total_bytes=135,474, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-c13e61513d1b018d<\/td> dst_ip=172.234.197.23, dst_port=80, duration_sec=0.61, end_time=1,777,042,843.004, expected_protocol=http, packet_count=12, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=78.153.140.148, src_port=36,992, start_time=1,777,042,842.39, tcp_flags=F,S,A,P, time_bucket=1,777,042,830, total_bytes=1,522, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-0afee6a6d9f48fa0<\/td> dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,039,207.991, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,777,039,207.99, tcp_flags=, time_bucket=1,777,039,200, total_bytes=84, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-07867b4b46fa60d0<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0.04, end_time=1,777,042,802.086, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=43,269, start_time=1,777,042,802.049, tcp_flags=, time_bucket=1,777,042,800, total_bytes=313, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-a61d2aadfc894ab0<\/td> dst_ip=92.118.39.236, dst_port=3,210, duration_sec=2.31, end_time=1,777,039,232.812, expected_protocol=unregistered:3210, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,039,230.5, tcp_flags=A,R,P, time_bucket=1,777,039,230, total_bytes=518, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-df9c042eed58d783<\/td> dst_ip=2.57.122.196, duration_sec=11.79, end_time=1,777,046,416.056, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,777,046,404.268, tcp_flags=, time_bucket=1,777,046,400, total_bytes=164, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-549cd508c26f4eff<\/td> dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,042,828.421, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=128.9.29.131, start_time=1,777,042,828.421, tcp_flags=, time_bucket=1,777,042,800, total_bytes=92, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-0938448bdcbd9d9c<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,039,201.307, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=48,999, start_time=1,777,039,201.305, tcp_flags=, time_bucket=1,777,039,200, total_bytes=313, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-6b6584907add35ca<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=1.49, end_time=1,777,001,063.822, expected_protocol=https, packet_count=49, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=43.135.145.73, src_port=45,930, start_time=1,777,001,062.334, tcp_flags=S,P,R,A,F, time_bucket=1,777,001,040, total_bytes=35,346, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-e7ac586ca0d0ef0f<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0.01, end_time=1,777,046,401.888, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=35,015, start_time=1,777,046,401.88, tcp_flags=, time_bucket=1,777,046,400, total_bytes=313, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-132c0a35e55eb362<\/td> dst_ip=23.234.69.80, dst_port=18,249, duration_sec=16.38, end_time=1,777,042,825.77, expected_protocol=unregistered:18249, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=80, start_time=1,777,042,809.386, tcp_flags=S,A, time_bucket=1,777,042,800, total_bytes=132, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-5846cd006f1eacb7<\/td> dst_ip=172.234.197.23, dst_port=10,006, duration_sec=0, end_time=1,777,046,420.988, expected_protocol=unregistered:10006, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=45.79.109.130, src_port=48,728, start_time=1,777,046,420.988, tcp_flags=S,R,A, time_bucket=1,777,046,400, total_bytes=112, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-e5b926505913cd4c<\/td> dst_ip=172.234.197.23, dst_port=22, duration_sec=13.71, end_time=1,777,039,226.4, expected_protocol=ssh, packet_count=31, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=92.118.39.236, src_port=3,210, start_time=1,777,039,212.694, tcp_flags=S,A,P, time_bucket=1,777,039,200, total_bytes=5,896, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-b6bccd19e88cac02<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,042,846.563, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=48,760, start_time=1,777,042,846.563, tcp_flags=, time_bucket=1,777,042,830, total_bytes=282, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-b6e59bfdb17a240e<\/td> dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,039,247.343, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=58.254.182.115, start_time=1,777,039,247.343, tcp_flags=, time_bucket=1,777,039,230, total_bytes=100, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-f952d347444430eb<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,001,058.242, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=56,995, start_time=1,777,001,058.24, tcp_flags=, time_bucket=1,777,001,040, total_bytes=282, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-c365d629ce285be9<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.02, end_time=1,777,001,043.285, expected_protocol=https, packet_count=5, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=199.16.157.183, src_port=37,692, start_time=1,777,001,043.263, tcp_flags=F,A,P, time_bucket=1,777,001,040, total_bytes=361, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-03ccec65d79829da<\/td> dst_ip=172.234.197.23, dst_port=22, duration_sec=0.41, end_time=1,777,046,426.077, expected_protocol=ssh, packet_count=9, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=8.222.219.23, src_port=57,194, start_time=1,777,046,425.667, tcp_flags=S,P,R,A,F, time_bucket=1,777,046,400, total_bytes=629, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-7b48e5e7105113e9<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.76, end_time=1,777,001,034.15, expected_protocol=https, packet_count=132, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=199.16.157.181, src_port=60,850, start_time=1,777,001,033.387, tcp_flags=S,C,P,E,A, time_bucket=1,777,001,010, total_bytes=134,913, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-f8e62b0ad557062a<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.02, end_time=1,777,001,043.282, expected_protocol=https, packet_count=5, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=199.16.157.181, src_port=60,850, start_time=1,777,001,043.261, tcp_flags=F,A,P, time_bucket=1,777,001,040, total_bytes=361, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-dbe1edd4efb49468<\/td> dst_ip=172.234.197.23, dst_port=5,432, duration_sec=0.34, end_time=1,777,039,209.21, expected_protocol=unregistered:5432, packet_count=2, proto=TCP, protocol_anomaly_score=0.3, protocol_violations=tcp_syn_only, protocols=TCP, src_ip=35.233.68.173, src_port=55,170, start_time=1,777,039,208.865, tcp_flags=S, time_bucket=1,777,039,200, total_bytes=116, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-c52a62f7c65f2e1a<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.46, end_time=1,777,001,022.849, expected_protocol=https, packet_count=15, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=46.38.236.138, src_port=44,430, start_time=1,777,001,022.385, tcp_flags=F,S,A,P, time_bucket=1,777,001,010, total_bytes=3,858, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-124f188fc662f45b<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.8, end_time=1,777,001,034.181, expected_protocol=https, packet_count=138, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=199.16.157.183, src_port=37,692, start_time=1,777,001,033.383, tcp_flags=S,C,P,E,A, time_bucket=1,777,001,010, total_bytes=135,310, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-01a793e8041caae3<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.91, end_time=1,777,001,063.072, expected_protocol=https, packet_count=117, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=144.76.23.47, src_port=35,198, start_time=1,777,001,062.158, tcp_flags=S,P,R,A,F, time_bucket=1,777,001,040, total_bytes=132,030, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-7f4ca9b0d8673927<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,001,059.244, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=35,224, start_time=1,777,001,059.243, tcp_flags=, time_bucket=1,777,001,040, total_bytes=282, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-43328f9b50a5d423<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.04, end_time=1,777,001,058.004, expected_protocol=https, packet_count=3, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=40.119.32.47, src_port=33,387, start_time=1,777,001,057.961, tcp_flags=S,R,A, time_bucket=1,777,001,040, total_bytes=186, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-e9f4a4a9c8d0d99f<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.79, end_time=1,777,001,034.188, expected_protocol=https, packet_count=138, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=199.16.157.182, src_port=44,512, start_time=1,777,001,033.396, tcp_flags=S,C,P,E,A, time_bucket=1,777,001,010, total_bytes=135,336, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-e15010a8a1e57ef1<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,001,021.15, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=33,893, start_time=1,777,001,021.15, tcp_flags=, time_bucket=1,777,001,010, total_bytes=282, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-5ae5c17cec58f583<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=8.13, end_time=1,777,001,021.781, expected_protocol=https, packet_count=1,245, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=97.139.12.85, src_port=50,857, start_time=1,777,001,013.654, tcp_flags=A,P, time_bucket=1,777,001,010, total_bytes=1,644,041, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-ae4f295d1d4cff7e<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,042,802.049, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=47,200, start_time=1,777,042,802.047, tcp_flags=, time_bucket=1,777,042,800, total_bytes=282, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-2d3d727470c1d931<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,046,401.894, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=58,940, start_time=1,777,046,401.889, tcp_flags=, time_bucket=1,777,046,400, total_bytes=236, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-df0521ee237a9620<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=1.2, end_time=1,777,001,059.345, expected_protocol=https, packet_count=9, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=97.139.12.85, src_port=50,857, start_time=1,777,001,058.141, tcp_flags=A,P, time_bucket=1,777,001,040, total_bytes=1,929, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-47d044a3990fe914<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,039,201.309, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=33,100, start_time=1,777,039,201.308, tcp_flags=, time_bucket=1,777,039,200, total_bytes=236, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-5b6e402ee019b6c1<\/td> dst_ip=59.6.77.80, dst_port=42,622, duration_sec=0.18, end_time=1,777,046,435.035, expected_protocol=unregistered:42622, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,046,434.858, tcp_flags=A,R,P, time_bucket=1,777,046,430, total_bytes=172, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-fc3f949cbddefabd<\/td> dst_ip=172.234.197.23, dst_port=22, duration_sec=19.47, end_time=1,777,042,828.971, expected_protocol=ssh, packet_count=42, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=2.57.122.192, src_port=15,596, start_time=1,777,042,809.502, tcp_flags=S,R,A,P, time_bucket=1,777,042,800, total_bytes=6,930, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-dd03efe0b367bd0d<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,050,001.535, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=44,159, start_time=1,777,050,001.533, tcp_flags=, time_bucket=1,777,050,000, total_bytes=282, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-46adfbb34624e2be<\/td> dst_ip=2.57.122.192, duration_sec=1.41, end_time=1,777,042,828.971, expected_protocol=unregistered:0, packet_count=4, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,777,042,827.563, tcp_flags=, time_bucket=1,777,042,800, total_bytes=340, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-1f6be4d567980bce<\/td> dst_ip=2.57.122.192, duration_sec=19.58, end_time=1,777,042,849.963, expected_protocol=unregistered:0, packet_count=4, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,777,042,830.379, tcp_flags=, time_bucket=1,777,042,830, total_bytes=328, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-1ca6064244966ba9<\/td> dst_ip=97.139.12.85, dst_port=60,136, duration_sec=3.11, end_time=1,777,001,015.056, expected_protocol=unregistered:60136, packet_count=223, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,777,001,011.941, tcp_flags=A,P, time_bucket=1,777,001,010, total_bytes=19,222, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-2f842951575bb476<\/td> dst_ip=172.234.197.23, dst_port=80, duration_sec=0.61, end_time=1,777,042,842.573, expected_protocol=http, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=78.153.140.148, src_port=36,982, start_time=1,777,042,841.964, tcp_flags=F,S,A,P, time_bucket=1,777,042,830, total_bytes=1,308, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-801986a05f874d44<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.32, end_time=1,777,042,846.646, expected_protocol=https, packet_count=39, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=66.228.53.204, src_port=8,050, start_time=1,777,042,846.325, tcp_flags=F,S,A,P, time_bucket=1,777,042,830, total_bytes=33,059, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-8a981e11d869c723<\/td> dst_ip=172.234.197.23, dst_port=443, duration_sec=0.03, end_time=1,777,001,043.437, expected_protocol=https, packet_count=5, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=199.16.157.182, src_port=44,512, start_time=1,777,001,043.41, tcp_flags=F,A,P, time_bucket=1,777,001,040, total_bytes=361, window_sec=30<\/td> <\/td><\/tr> session<\/td> SESSION-72c3b3d3b2889ec2<\/td> dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,050,001.537, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=38,984, start_time=1,777,050,001.535, tcp_flags=, time_bucket=1,777,050,000, total_bytes=313, window_sec=30<\/td> <\/td><\/tr> tls_sni<\/td> tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td> sni=172-234-197-23.ip.linodeusercontent.com
<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nKind<\/th> ID<\/th> Nodes<\/th><\/tr><\/thead> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-2b16ad2cc059d584:host:172.234.197.23<\/td> SESSION-2b16ad2cc059d584 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-7f4ca9b0d8673927:host:172.234.197.23<\/td> SESSION-7f4ca9b0d8673927 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-fc3f949cbddefabd:host:172.234.197.23<\/td> SESSION-fc3f949cbddefabd \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-1ca6064244966ba9:host:172.234.197.23<\/td> SESSION-1ca6064244966ba9 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:b8c49dd508ec:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:b8c49dd508ec \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:13414:org:Twitter Inc.<\/td> asn:13414 \u2192 org:Twitter Inc.<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-6b6584907add35ca:SESSION-6b6584907add35ca<\/td> SESSION-6b6584907add35ca \u2192 pe:rst:SESSION-6b6584907add35ca<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-5846cd006f1eacb7:host:172.234.197.23<\/td> SESSION-5846cd006f1eacb7 \u2192 host:172.234.197.23<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:35.233.68.173:asn:396982<\/td> host:35.233.68.173 \u2192 asn:396982<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-c365d629ce285be9:host:199.16.157.183<\/td> SESSION-c365d629ce285be9 \u2192 host:199.16.157.183<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-6b6584907add35ca:host:43.135.145.73<\/td> SESSION-6b6584907add35ca \u2192 host:43.135.145.73<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%<\/td> e:bsg:SESSION-5ae5c17cec58f583:BSG-DATA_EXFIL-58becbf84c75<\/td> SESSION-5ae5c17cec58f583 \u2192 BSG-DATA_EXFIL-58becbf84c75<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-124f188fc662f45b:SESSION-124f188fc662f45b<\/td> SESSION-124f188fc662f45b \u2192 pe:syn:SESSION-124f188fc662f45b<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:9f56a1b92a85:port:udp:53<\/td> flow:9f56a1b92a85 \u2192 port:udp:53<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-b6bccd19e88cac02:host:172.232.0.17<\/td> SESSION-b6bccd19e88cac02 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td> e:bsg:SESSION-fe2be36828e6c4a2:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-fe2be36828e6c4a2 \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-dd03efe0b367bd0d:host:172.234.197.23<\/td> SESSION-dd03efe0b367bd0d \u2192 host:172.234.197.23<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:59.6.77.80:asn:4766<\/td> host:59.6.77.80 \u2192 asn:4766<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-bcd7e2d1fd452ee5:host:172.234.197.23<\/td> SESSION-bcd7e2d1fd452ee5 \u2192 host:172.234.197.23<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:17.22.237.22:geo_37.75100_-97.82200<\/td> host:17.22.237.22 \u2192 geo_37.75100_-97.82200<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-d2ebf88e7456c490:host:172.234.197.23<\/td> SESSION-d2ebf88e7456c490 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-e9f4a4a9c8d0d99f:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-32c3b80c2cc69cbc:SESSION-32c3b80c2cc69cbc<\/td> SESSION-32c3b80c2cc69cbc \u2192 pe:dns:SESSION-32c3b80c2cc69cbc<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-5846cd006f1eacb7:SESSION-5846cd006f1eacb7<\/td> SESSION-5846cd006f1eacb7 \u2192 pe:rst:SESSION-5846cd006f1eacb7<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-7b48e5e7105113e9:SESSION-7b48e5e7105113e9<\/td> SESSION-7b48e5e7105113e9 \u2192 pe:tls:SESSION-7b48e5e7105113e9<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-f8e62b0ad557062a:host:199.16.157.181:host:172.234.197.23<\/td> SESSION-f8e62b0ad557062a \u2192 host:199.16.157.181 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:f834d92b87f4:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td> flow:f834d92b87f4 \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-03ccec65d79829da:SESSION-03ccec65d79829da<\/td> SESSION-03ccec65d79829da \u2192 pe:rst:SESSION-03ccec65d79829da<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-2f842951575bb476:host:172.234.197.23<\/td> SESSION-2f842951575bb476 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-df9c042eed58d783:flow:c8a7ee2a5fe9<\/td> SESSION-df9c042eed58d783 \u2192 flow:c8a7ee2a5fe9<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-8b6b3bfbd3509f3d:host:103.155.16.117:host:172.234.197.23<\/td> SESSION-8b6b3bfbd3509f3d \u2192 host:103.155.16.117 \u2192 host:172.234.197.23<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:43.135.145.73:asn:132203<\/td> host:43.135.145.73 \u2192 asn:132203<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-4efa693f129e7ca6:SESSION-4efa693f129e7ca6<\/td> SESSION-4efa693f129e7ca6 \u2192 pe:syn:SESSION-4efa693f129e7ca6<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%<\/td> e:bsg:SESSION-f952d347444430eb:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-f952d347444430eb \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-b6e59bfdb17a240e:PCAP:capture_20260424140001:b547b7157000<\/td> SESSION-b6e59bfdb17a240e \u2192 PCAP:capture_20260424140001:b547b7157000<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:88006e5933e9:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:88006e5933e9 \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:8.222.219.23:asn:45102<\/td> host:8.222.219.23 \u2192 asn:45102<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-fc3f949cbddefabd:flow:743cca931674<\/td> SESSION-fc3f949cbddefabd \u2192 flow:743cca931674<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:67799a4b0206:port:tcp:443<\/td> flow:67799a4b0206 \u2192 port:tcp:443<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-a61d2aadfc894ab0:host:92.118.39.236<\/td> SESSION-a61d2aadfc894ab0 \u2192 host:92.118.39.236<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-a61d2aadfc894ab0:flow:e426dc2add72<\/td> SESSION-a61d2aadfc894ab0 \u2192 flow:e426dc2add72<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-8a981e11d869c723:host:199.16.157.182<\/td> SESSION-8a981e11d869c723 \u2192 host:199.16.157.182<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-bcd7e2d1fd452ee5:host:172.232.0.17<\/td> SESSION-bcd7e2d1fd452ee5 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-2f842951575bb476:flow:af46c51682fe<\/td> SESSION-2f842951575bb476 \u2192 flow:af46c51682fe<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-132c0a35e55eb362:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-132c0a35e55eb362 \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-fc3f949cbddefabd:SESSION-fc3f949cbddefabd<\/td> SESSION-fc3f949cbddefabd \u2192 pe:syn:SESSION-fc3f949cbddefabd<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-72c3b3d3b2889ec2:SESSION-72c3b3d3b2889ec2<\/td> SESSION-72c3b3d3b2889ec2 \u2192 pe:dns:SESSION-72c3b3d3b2889ec2<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-46adfbb34624e2be:host:172.234.197.23<\/td> SESSION-46adfbb34624e2be \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-df0521ee237a9620:host:97.139.12.85:host:172.234.197.23<\/td> SESSION-df0521ee237a9620 \u2192 host:97.139.12.85 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-f8e62b0ad557062a:SESSION-f8e62b0ad557062a<\/td> SESSION-f8e62b0ad557062a \u2192 pe:tls:SESSION-f8e62b0ad557062a<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:1eaa2c354bb9:port:tcp:5432<\/td> flow:1eaa2c354bb9 \u2192 port:tcp:5432<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-ae4f295d1d4cff7e:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-ae4f295d1d4cff7e \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:97.139.12.85:geo_29.81190_-95.52070<\/td> host:97.139.12.85 \u2192 geo_29.81190_-95.52070<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-2f842951575bb476:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-2f842951575bb476 \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-2f842951575bb476:host:172.234.197.23<\/td> SESSION-2f842951575bb476 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-2f842951575bb476:host:78.153.140.148<\/td> SESSION-2f842951575bb476 \u2192 host:78.153.140.148<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-c365d629ce285be9:flow:66bb27cf4c04<\/td> SESSION-c365d629ce285be9 \u2192 flow:66bb27cf4c04<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-137907a1c322972d:host:59.6.77.80<\/td> SESSION-137907a1c322972d \u2192 host:59.6.77.80<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-e9f4a4a9c8d0d99f:SESSION-e9f4a4a9c8d0d99f<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 pe:tls:SESSION-e9f4a4a9c8d0d99f<\/td><\/tr> flow_observed4-aryOBS<\/td> e:fo:flow:e426dc2add72<\/td> flow:e426dc2add72 \u2192 host:172.234.197.23 \u2192 host:92.118.39.236 \u2192 port:tcp:3210<\/td><\/tr> flow_observed4-aryOBS<\/td> e:fo:flow:9b1def7bdac1<\/td> flow:9b1def7bdac1 \u2192 host:172.234.197.23 \u2192 host:23.234.69.80 \u2192 port:tcp:18249<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-bcd7e2d1fd452ee5:host:172.232.0.17<\/td> SESSION-bcd7e2d1fd452ee5 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-bcd7e2d1fd452ee5:PCAP:capture_20260424140001:b547b7157000<\/td> SESSION-bcd7e2d1fd452ee5 \u2192 PCAP:capture_20260424140001:b547b7157000<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-03ccec65d79829da:flow:6485c04b666a<\/td> SESSION-03ccec65d79829da \u2192 flow:6485c04b666a<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:c37aaecdcc9a<\/td> flow:c37aaecdcc9a \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-b6bccd19e88cac02:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-b6bccd19e88cac02 \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-4efa693f129e7ca6:host:66.228.53.204:host:172.234.197.23<\/td> SESSION-4efa693f129e7ca6 \u2192 host:66.228.53.204 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-43328f9b50a5d423:SESSION-43328f9b50a5d423<\/td> SESSION-43328f9b50a5d423 \u2192 pe:rst:SESSION-43328f9b50a5d423<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:202306:org:Hostglobal.plus Ltd<\/td> asn:202306 \u2192 org:Hostglobal.plus Ltd<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:958f77dbf2ff:port:tcp:443<\/td> flow:958f77dbf2ff \u2192 port:tcp:443<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-c365d629ce285be9:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-c365d629ce285be9 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-b6bccd19e88cac02:host:172.234.197.23<\/td> SESSION-b6bccd19e88cac02 \u2192 host:172.234.197.23<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:e62070b6aeb6<\/td> flow:e62070b6aeb6 \u2192 host:66.228.53.204 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:53418f626ce5:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td> flow:53418f626ce5 \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:144.76.23.47:geo_50.47770_12.36490<\/td> host:144.76.23.47 \u2192 geo_50.47770_12.36490<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-01a793e8041caae3:host:144.76.23.47<\/td> SESSION-01a793e8041caae3 \u2192 host:144.76.23.47<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:172.232.0.17:geo_41.88350_-87.63050<\/td> host:172.232.0.17 \u2192 geo_41.88350_-87.63050<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:b9c87c3e6634:port:tcp:22<\/td> flow:b9c87c3e6634 \u2192 port:tcp:22<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-801986a05f874d44:host:66.228.53.204<\/td> SESSION-801986a05f874d44 \u2192 host:66.228.53.204<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-124f188fc662f45b:host:199.16.157.183<\/td> SESSION-124f188fc662f45b \u2192 host:199.16.157.183<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-801986a05f874d44:flow:e62070b6aeb6<\/td> SESSION-801986a05f874d44 \u2192 flow:e62070b6aeb6<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-df9c042eed58d783:host:172.234.197.23:host:2.57.122.196<\/td> SESSION-df9c042eed58d783 \u2192 host:172.234.197.23 \u2192 host:2.57.122.196<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-0afee6a6d9f48fa0:host:103.155.16.117:host:172.234.197.23<\/td> SESSION-0afee6a6d9f48fa0 \u2192 host:103.155.16.117 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-43328f9b50a5d423:SESSION-43328f9b50a5d423<\/td> SESSION-43328f9b50a5d423 \u2192 pe:tls:SESSION-43328f9b50a5d423<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-1ca6064244966ba9:host:97.139.12.85<\/td> SESSION-1ca6064244966ba9 \u2192 host:97.139.12.85<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-124f188fc662f45b:host:172.234.197.23<\/td> SESSION-124f188fc662f45b \u2192 host:172.234.197.23<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:92.118.39.197:geo_45.99680_24.99700<\/td> host:92.118.39.197 \u2192 geo_45.99680_24.99700<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:f268f9985c23<\/td> flow:f268f9985c23 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-4efa693f129e7ca6:flow:4a465ec75db9<\/td> SESSION-4efa693f129e7ca6 \u2192 flow:4a465ec75db9<\/td><\/tr> flow_observed4-aryOBS<\/td> e:fo:flow:d4998ce3363c<\/td> flow:d4998ce3363c \u2192 host:172.234.197.23 \u2192 host:2.57.122.192 \u2192 port:tcp:15596<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:66.228.53.204:asn:63949<\/td> host:66.228.53.204 \u2192 asn:63949<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:46.38.236.138:asn:197540<\/td> host:46.38.236.138 \u2192 asn:197540<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-f952d347444430eb:host:172.232.0.17<\/td> SESSION-f952d347444430eb \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-5ae5c17cec58f583:flow:958f77dbf2ff<\/td> SESSION-5ae5c17cec58f583 \u2192 flow:958f77dbf2ff<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:2c6c48655616:port:tcp:443<\/td> flow:2c6c48655616 \u2192 port:tcp:443<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:2.57.122.192:geo_45.99680_24.99700<\/td> host:2.57.122.192 \u2192 geo_45.99680_24.99700<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-03ccec65d79829da:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-03ccec65d79829da \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:88006e5933e9<\/td> flow:88006e5933e9 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-5b6e402ee019b6c1:host:59.6.77.80<\/td> SESSION-5b6e402ee019b6c1 \u2192 host:59.6.77.80<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:23.234.69.80:geo_39.73910_-104.98660<\/td> host:23.234.69.80 \u2192 geo_39.73910_-104.98660<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-7f4ca9b0d8673927:host:172.234.197.23<\/td> SESSION-7f4ca9b0d8673927 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:d3ab3699f29d:port:udp:53<\/td> flow:d3ab3699f29d \u2192 port:udp:53<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-0938448bdcbd9d9c:host:172.234.197.23<\/td> SESSION-0938448bdcbd9d9c \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-7b48e5e7105113e9:host:199.16.157.181:host:172.234.197.23<\/td> SESSION-7b48e5e7105113e9 \u2192 host:199.16.157.181 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-0938448bdcbd9d9c:host:172.232.0.17<\/td> SESSION-0938448bdcbd9d9c \u2192 host:172.232.0.17<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-7b48e5e7105113e9:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-7b48e5e7105113e9 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-fc3f949cbddefabd:host:2.57.122.192:host:172.234.197.23<\/td> SESSION-fc3f949cbddefabd \u2192 host:2.57.122.192 \u2192 host:172.234.197.23<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:128.9.29.131:geo_33.99240_-118.39910<\/td> host:128.9.29.131 \u2192 geo_33.99240_-118.39910<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-132c0a35e55eb362:host:23.234.69.80<\/td> SESSION-132c0a35e55eb362 \u2192 host:23.234.69.80<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-8a981e11d869c723:host:172.234.197.23<\/td> SESSION-8a981e11d869c723 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-fc3f949cbddefabd:host:2.57.122.192<\/td> SESSION-fc3f949cbddefabd \u2192 host:2.57.122.192<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-5ae5c17cec58f583:host:172.234.197.23<\/td> SESSION-5ae5c17cec58f583 \u2192 host:172.234.197.23<\/td><\/tr> PORT_IMPLIED_SERVICEIMP 70%<\/td> e:ps:port:tcp:5432:svc:postgres<\/td> port:tcp:5432 \u2192 svc:postgres<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:af46c51682fe:port:tcp:80<\/td> flow:af46c51682fe \u2192 port:tcp:80<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-6b6584907add35ca:host:172.234.197.23<\/td> SESSION-6b6584907add35ca \u2192 host:172.234.197.23<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td> e:bsg:SESSION-0938448bdcbd9d9c:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-0938448bdcbd9d9c \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-43328f9b50a5d423:SESSION-43328f9b50a5d423<\/td> SESSION-43328f9b50a5d423 \u2192 pe:syn:SESSION-43328f9b50a5d423<\/td><\/tr> FLOW_TLS_SNIOBS<\/td> e:fs:flow:4eaa609c2624:tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td> flow:4eaa609c2624 \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-dd03efe0b367bd0d:SESSION-dd03efe0b367bd0d<\/td> SESSION-dd03efe0b367bd0d \u2192 pe:dns:SESSION-dd03efe0b367bd0d<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-ae4f295d1d4cff7e:host:172.232.0.17<\/td> SESSION-ae4f295d1d4cff7e \u2192 host:172.232.0.17<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:af46c51682fe<\/td> flow:af46c51682fe \u2192 host:78.153.140.148 \u2192 host:172.234.197.23 \u2192 port:tcp:80 \u2192 svc:http<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-137907a1c322972d:host:172.234.197.23:host:59.6.77.80<\/td> SESSION-137907a1c322972d \u2192 host:172.234.197.23 \u2192 host:59.6.77.80<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-fb43e37656185293:host:2.57.122.196<\/td> SESSION-fb43e37656185293 \u2192 host:2.57.122.196<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-ae4f295d1d4cff7e:host:172.232.0.17<\/td> SESSION-ae4f295d1d4cff7e \u2192 host:172.232.0.17<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-e15010a8a1e57ef1:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-e15010a8a1e57ef1 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> flow_observed3-aryOBS<\/td> e:fo:flow:0cab2ce4a41a<\/td> flow:0cab2ce4a41a \u2192 host:103.155.16.117 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-e7ac586ca0d0ef0f:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-e7ac586ca0d0ef0f \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-e5b926505913cd4c:host:172.234.197.23<\/td> SESSION-e5b926505913cd4c \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-32c3b80c2cc69cbc:host:172.232.0.17<\/td> SESSION-32c3b80c2cc69cbc \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-01a793e8041caae3:host:172.234.197.23<\/td> SESSION-01a793e8041caae3 \u2192 host:172.234.197.23<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:199.16.157.183:asn:13414<\/td> host:199.16.157.183 \u2192 asn:13414<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-fe2be36828e6c4a2:host:172.234.197.23<\/td> SESSION-fe2be36828e6c4a2 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-5f6379841834a338:host:2.57.122.192<\/td> SESSION-5f6379841834a338 \u2192 host:2.57.122.192<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-2b16ad2cc059d584:flow:4cb79ca168a0<\/td> SESSION-2b16ad2cc059d584 \u2192 flow:4cb79ca168a0<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:59.6.77.80:geo_37.54150_127.02520<\/td> host:59.6.77.80 \u2192 geo_37.54150_127.02520<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%<\/td> e:bsg:SESSION-e15010a8a1e57ef1:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-e15010a8a1e57ef1 \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-7b48e5e7105113e9:flow:93cba7dfff64<\/td> SESSION-7b48e5e7105113e9 \u2192 flow:93cba7dfff64<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:f834d92b87f4:port:udp:53<\/td> flow:f834d92b87f4 \u2192 port:udp:53<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:4eaa609c2624:port:tcp:443<\/td> flow:4eaa609c2624 \u2192 port:tcp:443<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-fb43e37656185293:host:172.234.197.23:host:2.57.122.196<\/td> SESSION-fb43e37656185293 \u2192 host:172.234.197.23 \u2192 host:2.57.122.196<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:b8c49dd508ec:port:udp:53<\/td> flow:b8c49dd508ec \u2192 port:udp:53<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-03ccec65d79829da:host:8.222.219.23<\/td> SESSION-03ccec65d79829da \u2192 host:8.222.219.23<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-07867b4b46fa60d0:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-07867b4b46fa60d0 \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-43328f9b50a5d423:host:40.119.32.47<\/td> SESSION-43328f9b50a5d423 \u2192 host:40.119.32.47<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-df9c042eed58d783:host:2.57.122.196<\/td> SESSION-df9c042eed58d783 \u2192 host:2.57.122.196<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:28bd443b2c5e<\/td> flow:28bd443b2c5e \u2192 host:46.38.236.138 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-bd11a50065a6cb7c:flow:da7065edff23<\/td> SESSION-bd11a50065a6cb7c \u2192 flow:da7065edff23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-c13e61513d1b018d:SESSION-c13e61513d1b018d<\/td> SESSION-c13e61513d1b018d \u2192 pe:syn:SESSION-c13e61513d1b018d<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:c63542b74c29<\/td> flow:c63542b74c29 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-5ae5c17cec58f583:host:172.234.197.23<\/td> SESSION-5ae5c17cec58f583 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-2d3d727470c1d931:SESSION-2d3d727470c1d931<\/td> SESSION-2d3d727470c1d931 \u2192 pe:dns:SESSION-2d3d727470c1d931<\/td><\/tr> flow_observed3-aryOBS<\/td> e:fo:flow:fbf83df1b6b6<\/td> flow:fbf83df1b6b6 \u2192 host:103.155.16.117 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-df0521ee237a9620:SESSION-df0521ee237a9620<\/td> SESSION-df0521ee237a9620 \u2192 pe:tls:SESSION-df0521ee237a9620<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:e62070b6aeb6:port:tcp:443<\/td> flow:e62070b6aeb6 \u2192 port:tcp:443<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-bd11a50065a6cb7c:SESSION-bd11a50065a6cb7c<\/td> SESSION-bd11a50065a6cb7c \u2192 pe:tls:SESSION-bd11a50065a6cb7c<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-01a793e8041caae3:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-01a793e8041caae3 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-5846cd006f1eacb7:host:45.79.109.130:host:172.234.197.23<\/td> SESSION-5846cd006f1eacb7 \u2192 host:45.79.109.130 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-b6e59bfdb17a240e:host:58.254.182.115<\/td> SESSION-b6e59bfdb17a240e \u2192 host:58.254.182.115<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-47d044a3990fe914:host:172.234.197.23<\/td> SESSION-47d044a3990fe914 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-c52a62f7c65f2e1a:host:46.38.236.138<\/td> SESSION-c52a62f7c65f2e1a \u2192 host:46.38.236.138<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-a61d2aadfc894ab0:SESSION-a61d2aadfc894ab0<\/td> SESSION-a61d2aadfc894ab0 \u2192 pe:rst:SESSION-a61d2aadfc894ab0<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-dbe1edd4efb49468:host:35.233.68.173:host:172.234.197.23<\/td> SESSION-dbe1edd4efb49468 \u2192 host:35.233.68.173 \u2192 host:172.234.197.23<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:92.118.39.236:asn:47890<\/td> host:92.118.39.236 \u2192 asn:47890<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:4cb79ca168a0<\/td> flow:4cb79ca168a0 \u2192 host:17.22.237.22 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-0938448bdcbd9d9c:host:172.234.197.23<\/td> SESSION-0938448bdcbd9d9c \u2192 host:172.234.197.23<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-124f188fc662f45b:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-124f188fc662f45b \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:45.79.109.130:geo_37.56250_-122.00040<\/td> host:45.79.109.130 \u2192 geo_37.56250_-122.00040<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:396982:org:Google LLC<\/td> asn:396982 \u2192 org:Google LLC<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-46adfbb34624e2be:host:172.234.197.23<\/td> SESSION-46adfbb34624e2be \u2192 host:172.234.197.23<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:c51bf5b097ea:port:tcp:443<\/td> flow:c51bf5b097ea \u2192 port:tcp:443<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-f8e62b0ad557062a:host:199.16.157.181<\/td> SESSION-f8e62b0ad557062a \u2192 host:199.16.157.181<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-2d3d727470c1d931:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-2d3d727470c1d931 \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-c52a62f7c65f2e1a:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-c52a62f7c65f2e1a \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-132c0a35e55eb362:host:23.234.69.80<\/td> SESSION-132c0a35e55eb362 \u2192 host:23.234.69.80<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-2d3d727470c1d931:host:172.234.197.23<\/td> SESSION-2d3d727470c1d931 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:f268f9985c23:port:udp:53<\/td> flow:f268f9985c23 \u2192 port:udp:53<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-bd11a50065a6cb7c:host:172.234.197.23<\/td> SESSION-bd11a50065a6cb7c \u2192 host:172.234.197.23<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:2759e86a7e02:port:udp:53<\/td> flow:2759e86a7e02 \u2192 port:udp:53<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-fe2be36828e6c4a2:SESSION-fe2be36828e6c4a2<\/td> SESSION-fe2be36828e6c4a2 \u2192 pe:dns:SESSION-fe2be36828e6c4a2<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-8b6b3bfbd3509f3d:host:172.234.197.23<\/td> SESSION-8b6b3bfbd3509f3d \u2192 host:172.234.197.23<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:4766:org:Korea Telecom<\/td> asn:4766 \u2192 org:Korea Telecom<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-32c3b80c2cc69cbc:host:172.234.197.23<\/td> SESSION-32c3b80c2cc69cbc \u2192 host:172.234.197.23<\/td><\/tr> flow_observed3-aryOBS<\/td> e:fo:flow:5091dda9661a<\/td> flow:5091dda9661a \u2192 host:172.234.197.23 \u2192 host:2.57.122.192<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:103.155.16.117:asn:138915<\/td> host:103.155.16.117 \u2192 asn:138915<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:11878:org:tzulo, inc.<\/td> asn:11878 \u2192 org:tzulo, inc.<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:c51bf5b097ea<\/td> flow:c51bf5b097ea \u2192 host:199.16.157.183 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-ae4f295d1d4cff7e:host:172.234.197.23<\/td> SESSION-ae4f295d1d4cff7e \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-e15010a8a1e57ef1:host:172.232.0.17<\/td> SESSION-e15010a8a1e57ef1 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-bd11a50065a6cb7c:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-bd11a50065a6cb7c \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:da7065edff23:port:tcp:443<\/td> flow:da7065edff23 \u2192 port:tcp:443<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:9f56a1b92a85:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:9f56a1b92a85 \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-dd03efe0b367bd0d:host:172.234.197.23<\/td> SESSION-dd03efe0b367bd0d \u2192 host:172.234.197.23<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:6485c04b666a<\/td> flow:6485c04b666a \u2192 host:8.222.219.23 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 svc:ssh<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-5f6379841834a338:host:172.234.197.23<\/td> SESSION-5f6379841834a338 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-0938448bdcbd9d9c:SESSION-0938448bdcbd9d9c<\/td> SESSION-0938448bdcbd9d9c \u2192 pe:dns:SESSION-0938448bdcbd9d9c<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td> e:bsg:SESSION-47d044a3990fe914:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-47d044a3990fe914 \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-b6bccd19e88cac02:host:172.234.197.23<\/td> SESSION-b6bccd19e88cac02 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:d5c7343ffad3:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:d5c7343ffad3 \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:66.228.53.204:geo_32.94730_-96.70280<\/td> host:66.228.53.204 \u2192 geo_32.94730_-96.70280<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:d3ab3699f29d:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:d3ab3699f29d \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-a61d2aadfc894ab0:host:92.118.39.236<\/td> SESSION-a61d2aadfc894ab0 \u2192 host:92.118.39.236<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-4efa693f129e7ca6:host:172.234.197.23<\/td> SESSION-4efa693f129e7ca6 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-801986a05f874d44:SESSION-801986a05f874d44<\/td> SESSION-801986a05f874d44 \u2192 pe:tls:SESSION-801986a05f874d44<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-2d3d727470c1d931:host:172.232.0.17<\/td> SESSION-2d3d727470c1d931 \u2192 host:172.232.0.17<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:c63542b74c29:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td> flow:c63542b74c29 \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-01a793e8041caae3:SESSION-01a793e8041caae3<\/td> SESSION-01a793e8041caae3 \u2192 pe:syn:SESSION-01a793e8041caae3<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:6167:org:Verizon Business<\/td> asn:6167 \u2192 org:Verizon Business<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:5e470028e46b:port:tcp:42622<\/td> flow:5e470028e46b \u2192 port:tcp:42622<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-c13e61513d1b018d:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-c13e61513d1b018d \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-43328f9b50a5d423:host:40.119.32.47<\/td> SESSION-43328f9b50a5d423 \u2192 host:40.119.32.47<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-549cd508c26f4eff:host:172.234.197.23<\/td> SESSION-549cd508c26f4eff \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-e15010a8a1e57ef1:SESSION-e15010a8a1e57ef1<\/td> SESSION-e15010a8a1e57ef1 \u2192 pe:dns:SESSION-e15010a8a1e57ef1<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-46adfbb34624e2be:host:2.57.122.192<\/td> SESSION-46adfbb34624e2be \u2192 host:2.57.122.192<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-7b48e5e7105113e9:host:199.16.157.181<\/td> SESSION-7b48e5e7105113e9 \u2192 host:199.16.157.181<\/td><\/tr> flow_observed3-aryOBS<\/td> e:fo:flow:c8a7ee2a5fe9<\/td> flow:c8a7ee2a5fe9 \u2192 host:172.234.197.23 \u2192 host:2.57.122.196<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-801986a05f874d44:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-801986a05f874d44 \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-0938448bdcbd9d9c:host:172.232.0.17<\/td> SESSION-0938448bdcbd9d9c \u2192 host:172.232.0.17<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-137907a1c322972d:SESSION-137907a1c322972d<\/td> SESSION-137907a1c322972d \u2192 pe:rst:SESSION-137907a1c322972d<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-e5b926505913cd4c:PCAP:capture_20260424140001:b547b7157000<\/td> SESSION-e5b926505913cd4c \u2192 PCAP:capture_20260424140001:b547b7157000<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-fb43e37656185293:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-fb43e37656185293 \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-137907a1c322972d:host:172.234.197.23<\/td> SESSION-137907a1c322972d \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-e9f4a4a9c8d0d99f:host:199.16.157.182<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 host:199.16.157.182<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-c52a62f7c65f2e1a:SESSION-c52a62f7c65f2e1a<\/td> SESSION-c52a62f7c65f2e1a \u2192 pe:tls:SESSION-c52a62f7c65f2e1a<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-32c3b80c2cc69cbc:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-32c3b80c2cc69cbc \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> FLOW_HTTP_HOSTOBS<\/td> e:fh:flow:42f1c8ab98a8:http_host:172.234.197.23<\/td> flow:42f1c8ab98a8 \u2192 http_host:172.234.197.23<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:d5c7343ffad3<\/td> flow:d5c7343ffad3 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:199.16.157.182:asn:13414<\/td> host:199.16.157.182 \u2192 asn:13414<\/td><\/tr> FLOW_TLS_SNIOBS<\/td> e:fs:flow:4cb79ca168a0:tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td> flow:4cb79ca168a0 \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-c13e61513d1b018d:host:78.153.140.148<\/td> SESSION-c13e61513d1b018d \u2192 host:78.153.140.148<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-e7ac586ca0d0ef0f:host:172.232.0.17<\/td> SESSION-e7ac586ca0d0ef0f \u2192 host:172.232.0.17<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-0afee6a6d9f48fa0:host:172.234.197.23<\/td> SESSION-0afee6a6d9f48fa0 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-c52a62f7c65f2e1a:host:46.38.236.138<\/td> SESSION-c52a62f7c65f2e1a \u2192 host:46.38.236.138<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-a61d2aadfc894ab0:host:172.234.197.23:host:92.118.39.236<\/td> SESSION-a61d2aadfc894ab0 \u2192 host:172.234.197.23 \u2192 host:92.118.39.236<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-124f188fc662f45b:flow:c51bf5b097ea<\/td> SESSION-124f188fc662f45b \u2192 flow:c51bf5b097ea<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-1f6be4d567980bce:host:172.234.197.23:host:2.57.122.192<\/td> SESSION-1f6be4d567980bce \u2192 host:172.234.197.23 \u2192 host:2.57.122.192<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:3c416f42759a:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:3c416f42759a \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:c4e6a453e687:port:udp:53<\/td> flow:c4e6a453e687 \u2192 port:udp:53<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-e9f4a4a9c8d0d99f:flow:0d727e2708b4<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 flow:0d727e2708b4<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-8b6b3bfbd3509f3d:host:103.155.16.117<\/td> SESSION-8b6b3bfbd3509f3d \u2192 host:103.155.16.117<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-e5b926505913cd4c:SESSION-e5b926505913cd4c<\/td> SESSION-e5b926505913cd4c \u2192 pe:syn:SESSION-e5b926505913cd4c<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-b6bccd19e88cac02:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-b6bccd19e88cac02 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:0d727e2708b4<\/td> flow:0d727e2708b4 \u2192 host:199.16.157.182 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-801986a05f874d44:host:66.228.53.204:host:172.234.197.23<\/td> SESSION-801986a05f874d44 \u2192 host:66.228.53.204 \u2192 host:172.234.197.23<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:67799a4b0206<\/td> flow:67799a4b0206 \u2192 host:199.16.157.182 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:58.254.182.115:geo_22.77850_115.34520<\/td> host:58.254.182.115 \u2192 geo_22.77850_115.34520<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:e426dc2add72:port:tcp:3210<\/td> flow:e426dc2add72 \u2192 port:tcp:3210<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-c52a62f7c65f2e1a:flow:28bd443b2c5e<\/td> SESSION-c52a62f7c65f2e1a \u2192 flow:28bd443b2c5e<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-07867b4b46fa60d0:flow:f834d92b87f4<\/td> SESSION-07867b4b46fa60d0 \u2192 flow:f834d92b87f4<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:53418f626ce5<\/td> flow:53418f626ce5 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-07867b4b46fa60d0:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-07867b4b46fa60d0 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-e9f4a4a9c8d0d99f:host:199.16.157.182<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 host:199.16.157.182<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-5f6379841834a338:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-5f6379841834a338 \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-fe2be36828e6c4a2:host:172.232.0.17<\/td> SESSION-fe2be36828e6c4a2 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-6b6584907add35ca:host:172.234.197.23<\/td> SESSION-6b6584907add35ca \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-4efa693f129e7ca6:host:66.228.53.204<\/td> SESSION-4efa693f129e7ca6 \u2192 host:66.228.53.204<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:9f56a1b92a85<\/td> flow:9f56a1b92a85 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:53418f626ce5:port:udp:53<\/td> flow:53418f626ce5 \u2192 port:udp:53<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-c52a62f7c65f2e1a:host:172.234.197.23<\/td> SESSION-c52a62f7c65f2e1a \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-549cd508c26f4eff:host:128.9.29.131<\/td> SESSION-549cd508c26f4eff \u2192 host:128.9.29.131<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-f8e62b0ad557062a:flow:10959da4f2fa<\/td> SESSION-f8e62b0ad557062a \u2192 flow:10959da4f2fa<\/td><\/tr> flow_observed4-aryOBS<\/td> e:fo:flow:5e470028e46b<\/td> flow:5e470028e46b \u2192 host:172.234.197.23 \u2192 host:59.6.77.80 \u2192 port:tcp:42622<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:743cca931674<\/td> flow:743cca931674 \u2192 host:2.57.122.192 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 svc:ssh<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-1f6be4d567980bce:flow:5091dda9661a<\/td> SESSION-1f6be4d567980bce \u2192 flow:5091dda9661a<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-0afee6a6d9f48fa0:host:103.155.16.117<\/td> SESSION-0afee6a6d9f48fa0 \u2192 host:103.155.16.117<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:88006e5933e9:port:udp:53<\/td> flow:88006e5933e9 \u2192 port:udp:53<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-dd03efe0b367bd0d:PCAP:capture_20260424170001:2a81081d173e<\/td> SESSION-dd03efe0b367bd0d \u2192 PCAP:capture_20260424170001:2a81081d173e<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-fc3f949cbddefabd:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-fc3f949cbddefabd \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-2b16ad2cc059d584:host:17.22.237.22<\/td> SESSION-2b16ad2cc059d584 \u2192 host:17.22.237.22<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%<\/td> e:bsg:SESSION-6b6584907add35ca:BSG-DATA_EXFIL-0b1600805959<\/td> SESSION-6b6584907add35ca \u2192 BSG-DATA_EXFIL-0b1600805959<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:236e160bf97b<\/td> flow:236e160bf97b \u2192 host:92.118.39.197 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 svc:ssh<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-2f842951575bb476:host:78.153.140.148<\/td> SESSION-2f842951575bb476 \u2192 host:78.153.140.148<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-b6e59bfdb17a240e:flow:4fa77a1ba33a<\/td> SESSION-b6e59bfdb17a240e \u2192 flow:4fa77a1ba33a<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-4efa693f129e7ca6:host:172.234.197.23<\/td> SESSION-4efa693f129e7ca6 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-6b6584907add35ca:host:43.135.145.73:host:172.234.197.23<\/td> SESSION-6b6584907add35ca \u2192 host:43.135.145.73 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-43328f9b50a5d423:flow:99a9f8b7c5b3<\/td> SESSION-43328f9b50a5d423 \u2192 flow:99a9f8b7c5b3<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-d2ebf88e7456c490:host:92.118.39.197:host:172.234.197.23<\/td> SESSION-d2ebf88e7456c490 \u2192 host:92.118.39.197 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-32c3b80c2cc69cbc:flow:c37aaecdcc9a<\/td> SESSION-32c3b80c2cc69cbc \u2192 flow:c37aaecdcc9a<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-df0521ee237a9620:flow:2c6c48655616<\/td> SESSION-df0521ee237a9620 \u2192 flow:2c6c48655616<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-0afee6a6d9f48fa0:host:172.234.197.23<\/td> SESSION-0afee6a6d9f48fa0 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%<\/td> e:bsg:SESSION-ae4f295d1d4cff7e:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-ae4f295d1d4cff7e \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-5f6379841834a338:host:172.234.197.23:host:2.57.122.192<\/td> SESSION-5f6379841834a338 \u2192 host:172.234.197.23 \u2192 host:2.57.122.192<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-03ccec65d79829da:host:172.234.197.23<\/td> SESSION-03ccec65d79829da \u2192 host:172.234.197.23<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:2759e86a7e02:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:2759e86a7e02 \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-c365d629ce285be9:host:199.16.157.183:host:172.234.197.23<\/td> SESSION-c365d629ce285be9 \u2192 host:199.16.157.183 \u2192 host:172.234.197.23<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:136958:org:China Unicom Guangdong IP network<\/td> asn:136958 \u2192 org:China Unicom Guangdong IP network<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-0afee6a6d9f48fa0:host:103.155.16.117<\/td> SESSION-0afee6a6d9f48fa0 \u2192 host:103.155.16.117<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-801986a05f874d44:host:172.234.197.23<\/td> SESSION-801986a05f874d44 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-2d3d727470c1d931:host:172.232.0.17<\/td> SESSION-2d3d727470c1d931 \u2192 host:172.232.0.17<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:24940:org:Hetzner Online GmbH<\/td> asn:24940 \u2192 org:Hetzner Online GmbH<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-01a793e8041caae3:host:172.234.197.23<\/td> SESSION-01a793e8041caae3 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:6485c04b666a:port:tcp:22<\/td> flow:6485c04b666a \u2192 port:tcp:22<\/td><\/tr> FLOW_TLS_SNIOBS<\/td> e:fs:flow:0d727e2708b4:tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td> flow:0d727e2708b4 \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:46.38.236.138:geo_49.44230_11.01910<\/td> host:46.38.236.138 \u2192 geo_49.44230_11.01910<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-5f6379841834a338:SESSION-5f6379841834a338<\/td> SESSION-5f6379841834a338 \u2192 pe:rst:SESSION-5f6379841834a338<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-bcd7e2d1fd452ee5:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-bcd7e2d1fd452ee5 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-43328f9b50a5d423:host:172.234.197.23<\/td> SESSION-43328f9b50a5d423 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-5b6e402ee019b6c1:flow:5e470028e46b<\/td> SESSION-5b6e402ee019b6c1 \u2192 flow:5e470028e46b<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-b6bccd19e88cac02:SESSION-b6bccd19e88cac02<\/td> SESSION-b6bccd19e88cac02 \u2192 pe:dns:SESSION-b6bccd19e88cac02<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-c52a62f7c65f2e1a:SESSION-c52a62f7c65f2e1a<\/td> SESSION-c52a62f7c65f2e1a \u2192 pe:syn:SESSION-c52a62f7c65f2e1a<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:99a9f8b7c5b3<\/td> flow:99a9f8b7c5b3 \u2192 host:40.119.32.47 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-801986a05f874d44:SESSION-801986a05f874d44<\/td> SESSION-801986a05f874d44 \u2192 pe:syn:SESSION-801986a05f874d44<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-47d044a3990fe914:PCAP:capture_20260424140001:b547b7157000<\/td> SESSION-47d044a3990fe914 \u2192 PCAP:capture_20260424140001:b547b7157000<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-46adfbb34624e2be:host:172.234.197.23:host:2.57.122.192<\/td> SESSION-46adfbb34624e2be \u2192 host:172.234.197.23 \u2192 host:2.57.122.192<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:23.234.69.80:asn:11878<\/td> host:23.234.69.80 \u2192 asn:11878<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-47d044a3990fe914:host:172.232.0.17<\/td> SESSION-47d044a3990fe914 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%<\/td> e:bsg:SESSION-b6bccd19e88cac02:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-b6bccd19e88cac02 \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:f268f9985c23:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:f268f9985c23 \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-e15010a8a1e57ef1:host:172.232.0.17<\/td> SESSION-e15010a8a1e57ef1 \u2192 host:172.232.0.17<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:40.119.32.47:geo_29.42270_-98.49270<\/td> host:40.119.32.47 \u2192 geo_29.42270_-98.49270<\/td><\/tr> FLOW_TLS_SNIOBS<\/td> e:fs:flow:a46be0b84889:tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td> flow:a46be0b84889 \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-132c0a35e55eb362:flow:9b1def7bdac1<\/td> SESSION-132c0a35e55eb362 \u2192 flow:9b1def7bdac1<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td> e:bsg:SESSION-e7ac586ca0d0ef0f:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-e7ac586ca0d0ef0f \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-e7ac586ca0d0ef0f:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-e7ac586ca0d0ef0f \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-c365d629ce285be9:host:199.16.157.183<\/td> SESSION-c365d629ce285be9 \u2192 host:199.16.157.183<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:991e601541a1<\/td> flow:991e601541a1 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:172.234.197.23:asn:63949<\/td> host:172.234.197.23 \u2192 asn:63949<\/td><\/tr> PORT_IMPLIED_SERVICEIMP 70%<\/td> e:ps:port:udp:53:svc:dns<\/td> port:udp:53 \u2192 svc:dns<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-7b48e5e7105113e9:host:172.234.197.23<\/td> SESSION-7b48e5e7105113e9 \u2192 host:172.234.197.23<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:d3ab3699f29d<\/td> flow:d3ab3699f29d \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-dbe1edd4efb49468:host:172.234.197.23<\/td> SESSION-dbe1edd4efb49468 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-2b16ad2cc059d584:host:17.22.237.22:host:172.234.197.23<\/td> SESSION-2b16ad2cc059d584 \u2192 host:17.22.237.22 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-32c3b80c2cc69cbc:host:172.234.197.23<\/td> SESSION-32c3b80c2cc69cbc \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-8a981e11d869c723:host:199.16.157.182:host:172.234.197.23<\/td> SESSION-8a981e11d869c723 \u2192 host:199.16.157.182 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-dbe1edd4efb49468:PCAP:capture_20260424140001:b547b7157000<\/td> SESSION-dbe1edd4efb49468 \u2192 PCAP:capture_20260424140001:b547b7157000<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-549cd508c26f4eff:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-549cd508c26f4eff \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:236e160bf97b:port:tcp:22<\/td> flow:236e160bf97b \u2192 port:tcp:22<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-8a981e11d869c723:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-8a981e11d869c723 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%<\/td> e:bsg:SESSION-7b48e5e7105113e9:BSG-DATA_EXFIL-c45ebda152e5<\/td> SESSION-7b48e5e7105113e9 \u2192 BSG-DATA_EXFIL-c45ebda152e5<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-32c3b80c2cc69cbc:host:172.232.0.17<\/td> SESSION-32c3b80c2cc69cbc \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-bcd7e2d1fd452ee5:host:172.234.197.23<\/td> SESSION-bcd7e2d1fd452ee5 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-bd11a50065a6cb7c:SESSION-bd11a50065a6cb7c<\/td> SESSION-bd11a50065a6cb7c \u2192 pe:rst:SESSION-bd11a50065a6cb7c<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-f8e62b0ad557062a:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-f8e62b0ad557062a \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-5846cd006f1eacb7:host:45.79.109.130<\/td> SESSION-5846cd006f1eacb7 \u2192 host:45.79.109.130<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-fb43e37656185293:host:172.234.197.23<\/td> SESSION-fb43e37656185293 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-1f6be4d567980bce:host:2.57.122.192<\/td> SESSION-1f6be4d567980bce \u2192 host:2.57.122.192<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-8b6b3bfbd3509f3d:host:103.155.16.117<\/td> SESSION-8b6b3bfbd3509f3d \u2192 host:103.155.16.117<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%<\/td> e:bsg:SESSION-2b16ad2cc059d584:BSG-DATA_EXFIL-ba0a9ef14e5d<\/td> SESSION-2b16ad2cc059d584 \u2192 BSG-DATA_EXFIL-ba0a9ef14e5d<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-7b48e5e7105113e9:SESSION-7b48e5e7105113e9<\/td> SESSION-7b48e5e7105113e9 \u2192 pe:syn:SESSION-7b48e5e7105113e9<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-801986a05f874d44:host:66.228.53.204<\/td> SESSION-801986a05f874d44 \u2192 host:66.228.53.204<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-01a793e8041caae3:flow:a46be0b84889<\/td> SESSION-01a793e8041caae3 \u2192 flow:a46be0b84889<\/td><\/tr> flow_observed3-aryOBS<\/td> e:fo:flow:81b8ace9a2e6<\/td> flow:81b8ace9a2e6 \u2192 host:172.234.197.23 \u2192 host:2.57.122.192<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-5f6379841834a338:host:172.234.197.23<\/td> SESSION-5f6379841834a338 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-0938448bdcbd9d9c:flow:c63542b74c29<\/td> SESSION-0938448bdcbd9d9c \u2192 flow:c63542b74c29<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-f952d347444430eb:host:172.234.197.23<\/td> SESSION-f952d347444430eb \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-bd11a50065a6cb7c:host:144.76.23.47<\/td> SESSION-bd11a50065a6cb7c \u2192 host:144.76.23.47<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-5ae5c17cec58f583:host:97.139.12.85<\/td> SESSION-5ae5c17cec58f583 \u2192 host:97.139.12.85<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-7f4ca9b0d8673927:SESSION-7f4ca9b0d8673927<\/td> SESSION-7f4ca9b0d8673927 \u2192 pe:dns:SESSION-7f4ca9b0d8673927<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-47d044a3990fe914:flow:88006e5933e9<\/td> SESSION-47d044a3990fe914 \u2192 flow:88006e5933e9<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-df0521ee237a9620:host:97.139.12.85<\/td> SESSION-df0521ee237a9620 \u2192 host:97.139.12.85<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-46adfbb34624e2be:host:2.57.122.192<\/td> SESSION-46adfbb34624e2be \u2192 host:2.57.122.192<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-46adfbb34624e2be:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-46adfbb34624e2be \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-2d3d727470c1d931:flow:f268f9985c23<\/td> SESSION-2d3d727470c1d931 \u2192 flow:f268f9985c23<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:6ac8bc7ce374:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:6ac8bc7ce374 \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> PORT_IMPLIED_SERVICEIMP 70%<\/td> e:ps:port:tcp:443:svc:https<\/td> port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-dbe1edd4efb49468:SESSION-dbe1edd4efb49468<\/td> SESSION-dbe1edd4efb49468 \u2192 pe:syn:SESSION-dbe1edd4efb49468<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-7b48e5e7105113e9:host:172.234.197.23<\/td> SESSION-7b48e5e7105113e9 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-df9c042eed58d783:host:172.234.197.23<\/td> SESSION-df9c042eed58d783 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-ae4f295d1d4cff7e:SESSION-ae4f295d1d4cff7e<\/td> SESSION-ae4f295d1d4cff7e \u2192 pe:dns:SESSION-ae4f295d1d4cff7e<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:714:org:Apple Inc.<\/td> asn:714 \u2192 org:Apple Inc.<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:c4e6a453e687<\/td> flow:c4e6a453e687 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:144.76.23.47:asn:24940<\/td> host:144.76.23.47 \u2192 asn:24940<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-c13e61513d1b018d:host:78.153.140.148:host:172.234.197.23<\/td> SESSION-c13e61513d1b018d \u2192 host:78.153.140.148 \u2192 host:172.234.197.23<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:199.16.157.181:geo_33.76970_-84.37540<\/td> host:199.16.157.181 \u2192 geo_33.76970_-84.37540<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:a46be0b84889<\/td> flow:a46be0b84889 \u2192 host:144.76.23.47 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-5ae5c17cec58f583:host:97.139.12.85:host:172.234.197.23<\/td> SESSION-5ae5c17cec58f583 \u2192 host:97.139.12.85 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-43328f9b50a5d423:host:40.119.32.47:host:172.234.197.23<\/td> SESSION-43328f9b50a5d423 \u2192 host:40.119.32.47 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:6ac8bc7ce374:port:udp:53<\/td> flow:6ac8bc7ce374 \u2192 port:udp:53<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-124f188fc662f45b:host:199.16.157.183:host:172.234.197.23<\/td> SESSION-124f188fc662f45b \u2192 host:199.16.157.183 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-8b6b3bfbd3509f3d:host:172.234.197.23<\/td> SESSION-8b6b3bfbd3509f3d \u2192 host:172.234.197.23<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:0d727e2708b4:port:tcp:443<\/td> flow:0d727e2708b4 \u2192 port:tcp:443<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-fb43e37656185293:host:2.57.122.196<\/td> SESSION-fb43e37656185293 \u2192 host:2.57.122.196<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:138915:org:Kaopu Cloud HK Limited<\/td> asn:138915 \u2192 org:Kaopu Cloud HK Limited<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-df0521ee237a9620:host:172.234.197.23<\/td> SESSION-df0521ee237a9620 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-dbe1edd4efb49468:host:35.233.68.173<\/td> SESSION-dbe1edd4efb49468 \u2192 host:35.233.68.173<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-01a793e8041caae3:host:144.76.23.47:host:172.234.197.23<\/td> SESSION-01a793e8041caae3 \u2192 host:144.76.23.47 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-e15010a8a1e57ef1:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-e15010a8a1e57ef1 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-e9f4a4a9c8d0d99f:SESSION-e9f4a4a9c8d0d99f<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 pe:syn:SESSION-e9f4a4a9c8d0d99f<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:c37aaecdcc9a:port:udp:53<\/td> flow:c37aaecdcc9a \u2192 port:udp:53<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%<\/td> e:bsg:SESSION-dd03efe0b367bd0d:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-dd03efe0b367bd0d \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%<\/td> e:bsg:SESSION-32c3b80c2cc69cbc:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-32c3b80c2cc69cbc \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-2b16ad2cc059d584:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-2b16ad2cc059d584 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-a61d2aadfc894ab0:PCAP:capture_20260424140001:b547b7157000<\/td> SESSION-a61d2aadfc894ab0 \u2192 PCAP:capture_20260424140001:b547b7157000<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-6b6584907add35ca:flow:4eaa609c2624<\/td> SESSION-6b6584907add35ca \u2192 flow:4eaa609c2624<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-d2ebf88e7456c490:SESSION-d2ebf88e7456c490<\/td> SESSION-d2ebf88e7456c490 \u2192 pe:rst:SESSION-d2ebf88e7456c490<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-2f842951575bb476:host:78.153.140.148:host:172.234.197.23<\/td> SESSION-2f842951575bb476 \u2192 host:78.153.140.148 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-df9c042eed58d783:host:2.57.122.196<\/td> SESSION-df9c042eed58d783 \u2192 host:2.57.122.196<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:9b1def7bdac1:port:tcp:18249<\/td> flow:9b1def7bdac1 \u2192 port:tcp:18249<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-df9c042eed58d783:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-df9c042eed58d783 \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-dbe1edd4efb49468:host:172.234.197.23<\/td> SESSION-dbe1edd4efb49468 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-d2ebf88e7456c490:flow:236e160bf97b<\/td> SESSION-d2ebf88e7456c490 \u2192 flow:236e160bf97b<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-132c0a35e55eb362:SESSION-132c0a35e55eb362<\/td> SESSION-132c0a35e55eb362 \u2192 pe:syn:SESSION-132c0a35e55eb362<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:93cba7dfff64<\/td> flow:93cba7dfff64 \u2192 host:199.16.157.181 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:10959da4f2fa:port:tcp:443<\/td> flow:10959da4f2fa \u2192 port:tcp:443<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-df0521ee237a9620:host:172.234.197.23<\/td> SESSION-df0521ee237a9620 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-132c0a35e55eb362:host:172.234.197.23<\/td> SESSION-132c0a35e55eb362 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-4efa693f129e7ca6:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-4efa693f129e7ca6 \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-7f4ca9b0d8673927:host:172.232.0.17<\/td> SESSION-7f4ca9b0d8673927 \u2192 host:172.232.0.17<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:c63542b74c29:port:udp:53<\/td> flow:c63542b74c29 \u2192 port:udp:53<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-b6e59bfdb17a240e:host:172.234.197.23<\/td> SESSION-b6e59bfdb17a240e \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-b6bccd19e88cac02:host:172.232.0.17<\/td> SESSION-b6bccd19e88cac02 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-124f188fc662f45b:host:199.16.157.183<\/td> SESSION-124f188fc662f45b \u2192 host:199.16.157.183<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-e5b926505913cd4c:host:92.118.39.236<\/td> SESSION-e5b926505913cd4c \u2192 host:92.118.39.236<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-132c0a35e55eb362:host:172.234.197.23<\/td> SESSION-132c0a35e55eb362 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-6b6584907add35ca:host:43.135.145.73<\/td> SESSION-6b6584907add35ca \u2192 host:43.135.145.73<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:f834d92b87f4<\/td> flow:f834d92b87f4 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:2c6c48655616<\/td> flow:2c6c48655616 \u2192 host:97.139.12.85 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-1f6be4d567980bce:PCAP:capture_20260424150002:9b7ba46ff54d<\/td> SESSION-1f6be4d567980bce \u2192 PCAP:capture_20260424150002:9b7ba46ff54d<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:3c416f42759a:port:udp:53<\/td> flow:3c416f42759a \u2192 port:udp:53<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-7b48e5e7105113e9:host:199.16.157.181<\/td> SESSION-7b48e5e7105113e9 \u2192 host:199.16.157.181<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-5ae5c17cec58f583:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-5ae5c17cec58f583 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-0afee6a6d9f48fa0:flow:fbf83df1b6b6<\/td> SESSION-0afee6a6d9f48fa0 \u2192 flow:fbf83df1b6b6<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-2b16ad2cc059d584:host:172.234.197.23<\/td> SESSION-2b16ad2cc059d584 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-b6e59bfdb17a240e:host:58.254.182.115<\/td> SESSION-b6e59bfdb17a240e \u2192 host:58.254.182.115<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:132203:org:Tencent Building, Kejizhongyi Avenue<\/td> asn:132203 \u2192 org:Tencent Building, Kejizhongyi Avenue<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:991e601541a1:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:991e601541a1 \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:172.234.197.23:geo_41.88350_-87.63050<\/td> host:172.234.197.23 \u2192 geo_41.88350_-87.63050<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-2d3d727470c1d931:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-2d3d727470c1d931 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-c365d629ce285be9:host:172.234.197.23<\/td> SESSION-c365d629ce285be9 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-5f6379841834a338:host:2.57.122.192<\/td> SESSION-5f6379841834a338 \u2192 host:2.57.122.192<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-bd11a50065a6cb7c:host:172.234.197.23<\/td> SESSION-bd11a50065a6cb7c \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-03ccec65d79829da:host:172.234.197.23<\/td> SESSION-03ccec65d79829da \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-5b6e402ee019b6c1:host:172.234.197.23<\/td> SESSION-5b6e402ee019b6c1 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-07867b4b46fa60d0:host:172.234.197.23<\/td> SESSION-07867b4b46fa60d0 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-2b16ad2cc059d584:host:17.22.237.22<\/td> SESSION-2b16ad2cc059d584 \u2192 host:17.22.237.22<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%<\/td> e:bsg:SESSION-801986a05f874d44:BSG-DATA_EXFIL-f0f719b48579<\/td> SESSION-801986a05f874d44 \u2192 BSG-DATA_EXFIL-f0f719b48579<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-c13e61513d1b018d:host:78.153.140.148<\/td> SESSION-c13e61513d1b018d \u2192 host:78.153.140.148<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-c13e61513d1b018d:host:172.234.197.23<\/td> SESSION-c13e61513d1b018d \u2192 host:172.234.197.23<\/td><\/tr> flow_observed4-aryOBS<\/td> e:fo:flow:0a764492b76b<\/td> flow:0a764492b76b \u2192 host:45.79.109.130 \u2192 host:172.234.197.23 \u2192 port:tcp:10006<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-72c3b3d3b2889ec2:host:172.232.0.17<\/td> SESSION-72c3b3d3b2889ec2 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-fc3f949cbddefabd:host:2.57.122.192<\/td> SESSION-fc3f949cbddefabd \u2192 host:2.57.122.192<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:a46be0b84889:port:tcp:443<\/td> flow:a46be0b84889 \u2192 port:tcp:443<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-d2ebf88e7456c490:host:172.234.197.23<\/td> SESSION-d2ebf88e7456c490 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-fe2be36828e6c4a2:host:172.234.197.23<\/td> SESSION-fe2be36828e6c4a2 \u2192 host:172.234.197.23<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:199.16.157.183:geo_33.76970_-84.37540<\/td> host:199.16.157.183 \u2192 geo_33.76970_-84.37540<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-dd03efe0b367bd0d:host:172.232.0.17<\/td> SESSION-dd03efe0b367bd0d \u2192 host:172.232.0.17<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-72c3b3d3b2889ec2:host:172.232.0.17<\/td> SESSION-72c3b3d3b2889ec2 \u2192 host:172.232.0.17<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:35.233.68.173:geo_50.85340_4.34700<\/td> host:35.233.68.173 \u2192 geo_50.85340_4.34700<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:128.9.29.131:asn:4<\/td> host:128.9.29.131 \u2192 asn:4<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:66bb27cf4c04:port:tcp:443<\/td> flow:66bb27cf4c04 \u2192 port:tcp:443<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:b9c87c3e6634<\/td> flow:b9c87c3e6634 \u2192 host:92.118.39.236 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 svc:ssh<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-e15010a8a1e57ef1:host:172.234.197.23<\/td> SESSION-e15010a8a1e57ef1 \u2192 host:172.234.197.23<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:40.119.32.47:asn:8075<\/td> host:40.119.32.47 \u2192 asn:8075<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:28bd443b2c5e:port:tcp:443<\/td> flow:28bd443b2c5e \u2192 port:tcp:443<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-dbe1edd4efb49468:host:35.233.68.173<\/td> SESSION-dbe1edd4efb49468 \u2192 host:35.233.68.173<\/td><\/tr> FLOW_HTTP_HOSTOBS<\/td> e:fh:flow:4a465ec75db9:http_host:172.234.197.23<\/td> flow:4a465ec75db9 \u2192 http_host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-72c3b3d3b2889ec2:host:172.234.197.23<\/td> SESSION-72c3b3d3b2889ec2 \u2192 host:172.234.197.23<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:958f77dbf2ff<\/td> flow:958f77dbf2ff \u2192 host:97.139.12.85 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-fc3f949cbddefabd:host:172.234.197.23<\/td> SESSION-fc3f949cbddefabd \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-137907a1c322972d:flow:43d87d43ebf2<\/td> SESSION-137907a1c322972d \u2192 flow:43d87d43ebf2<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:6ac8bc7ce374<\/td> flow:6ac8bc7ce374 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-e15010a8a1e57ef1:flow:6ac8bc7ce374<\/td> SESSION-e15010a8a1e57ef1 \u2192 flow:6ac8bc7ce374<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-6b6584907add35ca:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-6b6584907add35ca \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:c37aaecdcc9a:dns:172-234-197-23.ip.linodeusercontent.com<\/td> flow:c37aaecdcc9a \u2192 dns:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-137907a1c322972d:host:59.6.77.80<\/td> SESSION-137907a1c322972d \u2192 host:59.6.77.80<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:0a764492b76b:port:tcp:10006<\/td> flow:0a764492b76b \u2192 port:tcp:10006<\/td><\/tr> FLOW_TLS_SNIOBS<\/td> e:fs:flow:93cba7dfff64:tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td> flow:93cba7dfff64 \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-f952d347444430eb:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-f952d347444430eb \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-46adfbb34624e2be:flow:81b8ace9a2e6<\/td> SESSION-46adfbb34624e2be \u2192 flow:81b8ace9a2e6<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-5846cd006f1eacb7:host:172.234.197.23<\/td> SESSION-5846cd006f1eacb7 \u2192 host:172.234.197.23<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:103.155.16.117:geo_1.29390_103.84610<\/td> host:103.155.16.117 \u2192 geo_1.29390_103.84610<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-e7ac586ca0d0ef0f:host:172.234.197.23<\/td> SESSION-e7ac586ca0d0ef0f \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-c52a62f7c65f2e1a:host:172.234.197.23<\/td> SESSION-c52a62f7c65f2e1a \u2192 host:172.234.197.23<\/td><\/tr> flow_observed3-aryOBS<\/td> e:fo:flow:ffb24c296a2c<\/td> flow:ffb24c296a2c \u2192 host:128.9.29.131 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-bd11a50065a6cb7c:SESSION-bd11a50065a6cb7c<\/td> SESSION-bd11a50065a6cb7c \u2192 pe:syn:SESSION-bd11a50065a6cb7c<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-2b16ad2cc059d584:SESSION-2b16ad2cc059d584<\/td> SESSION-2b16ad2cc059d584 \u2192 pe:tls:SESSION-2b16ad2cc059d584<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-1f6be4d567980bce:host:172.234.197.23<\/td> SESSION-1f6be4d567980bce \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-7f4ca9b0d8673927:flow:991e601541a1<\/td> SESSION-7f4ca9b0d8673927 \u2192 flow:991e601541a1<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-e9f4a4a9c8d0d99f:host:172.234.197.23<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 host:172.234.197.23<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:17.22.237.22:asn:714<\/td> host:17.22.237.22 \u2192 asn:714<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:78.153.140.148:geo_51.51640_-0.09300<\/td> host:78.153.140.148 \u2192 geo_51.51640_-0.09300<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:4a465ec75db9<\/td> flow:4a465ec75db9 \u2192 host:66.228.53.204 \u2192 host:172.234.197.23 \u2192 port:tcp:80 \u2192 svc:http<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-0938448bdcbd9d9c:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-0938448bdcbd9d9c \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-43328f9b50a5d423:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-43328f9b50a5d423 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-72c3b3d3b2889ec2:PCAP:capture_20260424170001:2a81081d173e<\/td> SESSION-72c3b3d3b2889ec2 \u2192 PCAP:capture_20260424170001:2a81081d173e<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-8a981e11d869c723:host:199.16.157.182<\/td> SESSION-8a981e11d869c723 \u2192 host:199.16.157.182<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-124f188fc662f45b:SESSION-124f188fc662f45b<\/td> SESSION-124f188fc662f45b \u2192 pe:tls:SESSION-124f188fc662f45b<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-5b6e402ee019b6c1:host:172.234.197.23:host:59.6.77.80<\/td> SESSION-5b6e402ee019b6c1 \u2192 host:172.234.197.23 \u2192 host:59.6.77.80<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td> e:bsg:SESSION-bcd7e2d1fd452ee5:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-bcd7e2d1fd452ee5 \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-f952d347444430eb:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-f952d347444430eb \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:4cb79ca168a0:port:tcp:443<\/td> flow:4cb79ca168a0 \u2192 port:tcp:443<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-5846cd006f1eacb7:flow:0a764492b76b<\/td> SESSION-5846cd006f1eacb7 \u2192 flow:0a764492b76b<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:2.57.122.196:geo_45.99680_24.99700<\/td> host:2.57.122.196 \u2192 geo_45.99680_24.99700<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-07867b4b46fa60d0:host:172.232.0.17<\/td> SESSION-07867b4b46fa60d0 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-2f842951575bb476:SESSION-2f842951575bb476<\/td> SESSION-2f842951575bb476 \u2192 pe:syn:SESSION-2f842951575bb476<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-8b6b3bfbd3509f3d:flow:0cab2ce4a41a<\/td> SESSION-8b6b3bfbd3509f3d \u2192 flow:0cab2ce4a41a<\/td><\/tr> FLOW_HTTP_HOSTOBS<\/td> e:fh:flow:af46c51682fe:http_host:172.234.197.23<\/td> flow:af46c51682fe \u2192 http_host:172.234.197.23<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:92.118.39.197:asn:47890<\/td> host:92.118.39.197 \u2192 asn:47890<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-47d044a3990fe914:SESSION-47d044a3990fe914<\/td> SESSION-47d044a3990fe914 \u2192 pe:dns:SESSION-47d044a3990fe914<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-f952d347444430eb:SESSION-f952d347444430eb<\/td> SESSION-f952d347444430eb \u2192 pe:dns:SESSION-f952d347444430eb<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-b6e59bfdb17a240e:host:58.254.182.115:host:172.234.197.23<\/td> SESSION-b6e59bfdb17a240e \u2192 host:58.254.182.115 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-bcd7e2d1fd452ee5:SESSION-bcd7e2d1fd452ee5<\/td> SESSION-bcd7e2d1fd452ee5 \u2192 pe:dns:SESSION-bcd7e2d1fd452ee5<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-6b6584907add35ca:SESSION-6b6584907add35ca<\/td> SESSION-6b6584907add35ca \u2192 pe:syn:SESSION-6b6584907add35ca<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:197540:org:netcup GmbH<\/td> asn:197540 \u2192 org:netcup GmbH<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:3c416f42759a<\/td> flow:3c416f42759a \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-6b6584907add35ca:SESSION-6b6584907add35ca<\/td> SESSION-6b6584907add35ca \u2192 pe:tls:SESSION-6b6584907add35ca<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-07867b4b46fa60d0:host:172.234.197.23<\/td> SESSION-07867b4b46fa60d0 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-bd11a50065a6cb7c:host:144.76.23.47:host:172.234.197.23<\/td> SESSION-bd11a50065a6cb7c \u2192 host:144.76.23.47 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-e9f4a4a9c8d0d99f:host:199.16.157.182:host:172.234.197.23<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 host:199.16.157.182 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-a61d2aadfc894ab0:host:172.234.197.23<\/td> SESSION-a61d2aadfc894ab0 \u2192 host:172.234.197.23<\/td><\/tr> PORT_IMPLIED_SERVICEIMP 70%<\/td> e:ps:port:tcp:80:svc:http<\/td> port:tcp:80 \u2192 svc:http<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:2759e86a7e02<\/td> flow:2759e86a7e02 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-1ca6064244966ba9:host:97.139.12.85<\/td> SESSION-1ca6064244966ba9 \u2192 host:97.139.12.85<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-dd03efe0b367bd0d:host:172.232.0.17<\/td> SESSION-dd03efe0b367bd0d \u2192 host:172.232.0.17<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-f8e62b0ad557062a:host:172.234.197.23<\/td> SESSION-f8e62b0ad557062a \u2192 host:172.234.197.23<\/td><\/tr> flow_observed4-aryOBS<\/td> e:fo:flow:43d87d43ebf2<\/td> flow:43d87d43ebf2 \u2192 host:172.234.197.23 \u2192 host:59.6.77.80 \u2192 port:tcp:42622<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-d2ebf88e7456c490:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-d2ebf88e7456c490 \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:4a465ec75db9:port:tcp:80<\/td> flow:4a465ec75db9 \u2192 port:tcp:80<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-72c3b3d3b2889ec2:host:172.234.197.23<\/td> SESSION-72c3b3d3b2889ec2 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-fb43e37656185293:flow:8f3f3aa1ab4a<\/td> SESSION-fb43e37656185293 \u2192 flow:8f3f3aa1ab4a<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:d4998ce3363c:port:tcp:15596<\/td> flow:d4998ce3363c \u2192 port:tcp:15596<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-b6bccd19e88cac02:flow:2759e86a7e02<\/td> SESSION-b6bccd19e88cac02 \u2192 flow:2759e86a7e02<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-5b6e402ee019b6c1:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-5b6e402ee019b6c1 \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-07867b4b46fa60d0:host:172.232.0.17<\/td> SESSION-07867b4b46fa60d0 \u2192 host:172.232.0.17<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-5ae5c17cec58f583:host:97.139.12.85<\/td> SESSION-5ae5c17cec58f583 \u2192 host:97.139.12.85<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-03ccec65d79829da:host:8.222.219.23<\/td> SESSION-03ccec65d79829da \u2192 host:8.222.219.23<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:93cba7dfff64:port:tcp:443<\/td> flow:93cba7dfff64 \u2192 port:tcp:443<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-ae4f295d1d4cff7e:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-ae4f295d1d4cff7e \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-5846cd006f1eacb7:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-5846cd006f1eacb7 \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-47d044a3990fe914:host:172.234.197.23<\/td> SESSION-47d044a3990fe914 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%<\/td> e:bsg:SESSION-7f4ca9b0d8673927:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-7f4ca9b0d8673927 \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:43.135.145.73:geo_37.35300_-121.95440<\/td> host:43.135.145.73 \u2192 geo_37.35300_-121.95440<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:172.232.0.17:asn:63949<\/td> host:172.232.0.17 \u2192 asn:63949<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-df0521ee237a9620:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-df0521ee237a9620 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-5f6379841834a338:flow:d4998ce3363c<\/td> SESSION-5f6379841834a338 \u2192 flow:d4998ce3363c<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-137907a1c322972d:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-137907a1c322972d \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-d2ebf88e7456c490:host:92.118.39.197<\/td> SESSION-d2ebf88e7456c490 \u2192 host:92.118.39.197<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:743cca931674:port:tcp:22<\/td> flow:743cca931674 \u2192 port:tcp:22<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-2d3d727470c1d931:host:172.234.197.23<\/td> SESSION-2d3d727470c1d931 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-df9c042eed58d783:host:172.234.197.23<\/td> SESSION-df9c042eed58d783 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-f8e62b0ad557062a:host:172.234.197.23<\/td> SESSION-f8e62b0ad557062a \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-bcd7e2d1fd452ee5:flow:3c416f42759a<\/td> SESSION-bcd7e2d1fd452ee5 \u2192 flow:3c416f42759a<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%<\/td> e:bsg:SESSION-07867b4b46fa60d0:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-07867b4b46fa60d0 \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-e7ac586ca0d0ef0f:flow:c4e6a453e687<\/td> SESSION-e7ac586ca0d0ef0f \u2192 flow:c4e6a453e687<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-549cd508c26f4eff:host:128.9.29.131<\/td> SESSION-549cd508c26f4eff \u2192 host:128.9.29.131<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-1ca6064244966ba9:flow:6f0c0a999555<\/td> SESSION-1ca6064244966ba9 \u2192 flow:6f0c0a999555<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:63949:org:Akamai Connected Cloud<\/td> asn:63949 \u2192 org:Akamai Connected Cloud<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-47d044a3990fe914:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-47d044a3990fe914 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-b6e59bfdb17a240e:host:172.234.197.23<\/td> SESSION-b6e59bfdb17a240e \u2192 host:172.234.197.23<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:92.118.39.236:geo_45.99680_24.99700<\/td> host:92.118.39.236 \u2192 geo_45.99680_24.99700<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-549cd508c26f4eff:host:172.234.197.23<\/td> SESSION-549cd508c26f4eff \u2192 host:172.234.197.23<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-0afee6a6d9f48fa0:PCAP:capture_20260424140001:b547b7157000<\/td> SESSION-0afee6a6d9f48fa0 \u2192 PCAP:capture_20260424140001:b547b7157000<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-df0521ee237a9620:host:97.139.12.85<\/td> SESSION-df0521ee237a9620 \u2192 host:97.139.12.85<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-c365d629ce285be9:SESSION-c365d629ce285be9<\/td> SESSION-c365d629ce285be9 \u2192 pe:tls:SESSION-c365d629ce285be9<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-8a981e11d869c723:SESSION-8a981e11d869c723<\/td> SESSION-8a981e11d869c723 \u2192 pe:tls:SESSION-8a981e11d869c723<\/td><\/tr> flow_observed3-aryOBS<\/td> e:fo:flow:4fa77a1ba33a<\/td> flow:4fa77a1ba33a \u2192 host:58.254.182.115 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-03ccec65d79829da:SESSION-03ccec65d79829da<\/td> SESSION-03ccec65d79829da \u2192 pe:syn:SESSION-03ccec65d79829da<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-fb43e37656185293:host:172.234.197.23<\/td> SESSION-fb43e37656185293 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-8a981e11d869c723:flow:67799a4b0206<\/td> SESSION-8a981e11d869c723 \u2192 flow:67799a4b0206<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-dd03efe0b367bd0d:flow:d5c7343ffad3<\/td> SESSION-dd03efe0b367bd0d \u2192 flow:d5c7343ffad3<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-5846cd006f1eacb7:SESSION-5846cd006f1eacb7<\/td> SESSION-5846cd006f1eacb7 \u2192 pe:syn:SESSION-5846cd006f1eacb7<\/td><\/tr> FLOW_QUERIED_DNSOBS<\/td> e:fd:flow:c4e6a453e687:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td> flow:c4e6a453e687 \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:10959da4f2fa<\/td> flow:10959da4f2fa \u2192 host:199.16.157.181 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:1eaa2c354bb9<\/td> flow:1eaa2c354bb9 \u2192 host:35.233.68.173 \u2192 host:172.234.197.23 \u2192 port:tcp:5432 \u2192 svc:postgres<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-d2ebf88e7456c490:SESSION-d2ebf88e7456c490<\/td> SESSION-d2ebf88e7456c490 \u2192 pe:syn:SESSION-d2ebf88e7456c490<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:43d87d43ebf2:port:tcp:42622<\/td> flow:43d87d43ebf2 \u2192 port:tcp:42622<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-e7ac586ca0d0ef0f:host:172.234.197.23<\/td> SESSION-e7ac586ca0d0ef0f \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-a61d2aadfc894ab0:host:172.234.197.23<\/td> SESSION-a61d2aadfc894ab0 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:syn:SESSION-2b16ad2cc059d584:SESSION-2b16ad2cc059d584<\/td> SESSION-2b16ad2cc059d584 \u2192 pe:syn:SESSION-2b16ad2cc059d584<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-e5b926505913cd4c:flow:b9c87c3e6634<\/td> SESSION-e5b926505913cd4c \u2192 flow:b9c87c3e6634<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-dd03efe0b367bd0d:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-dd03efe0b367bd0d \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-7f4ca9b0d8673927:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-7f4ca9b0d8673927 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-1ca6064244966ba9:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-1ca6064244966ba9 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:47890:org:Unmanaged Ltd<\/td> asn:47890 \u2192 org:Unmanaged Ltd<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-72c3b3d3b2889ec2:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-72c3b3d3b2889ec2 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:b8c49dd508ec<\/td> flow:b8c49dd508ec \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:4:org:University of Southern California<\/td> asn:4 \u2192 org:University of Southern California<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-c52a62f7c65f2e1a:host:46.38.236.138:host:172.234.197.23<\/td> SESSION-c52a62f7c65f2e1a \u2192 host:46.38.236.138 \u2192 host:172.234.197.23<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:8.222.219.23:geo_1.36670_103.80000<\/td> host:8.222.219.23 \u2192 geo_1.36670_103.80000<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-5b6e402ee019b6c1:host:59.6.77.80<\/td> SESSION-5b6e402ee019b6c1 \u2192 host:59.6.77.80<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-43328f9b50a5d423:host:172.234.197.23<\/td> SESSION-43328f9b50a5d423 \u2192 host:172.234.197.23<\/td><\/tr> flow_observed4-aryOBS<\/td> e:fo:flow:8f3f3aa1ab4a<\/td> flow:8f3f3aa1ab4a \u2192 host:172.234.197.23 \u2192 host:2.57.122.196 \u2192 port:tcp:25682<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-f952d347444430eb:host:172.232.0.17<\/td> SESSION-f952d347444430eb \u2192 host:172.232.0.17<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-5b6e402ee019b6c1:SESSION-5b6e402ee019b6c1<\/td> SESSION-5b6e402ee019b6c1 \u2192 pe:rst:SESSION-5b6e402ee019b6c1<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-fc3f949cbddefabd:SESSION-fc3f949cbddefabd<\/td> SESSION-fc3f949cbddefabd \u2192 pe:rst:SESSION-fc3f949cbddefabd<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:2.57.122.196:asn:47890<\/td> host:2.57.122.196 \u2192 asn:47890<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-e7ac586ca0d0ef0f:host:172.232.0.17<\/td> SESSION-e7ac586ca0d0ef0f \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-549cd508c26f4eff:flow:ffb24c296a2c<\/td> SESSION-549cd508c26f4eff \u2192 flow:ffb24c296a2c<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-0938448bdcbd9d9c:PCAP:capture_20260424140001:b547b7157000<\/td> SESSION-0938448bdcbd9d9c \u2192 PCAP:capture_20260424140001:b547b7157000<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-124f188fc662f45b:host:172.234.197.23<\/td> SESSION-124f188fc662f45b \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-f8e62b0ad557062a:host:199.16.157.181<\/td> SESSION-f8e62b0ad557062a \u2192 host:199.16.157.181<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:8f3f3aa1ab4a:port:tcp:25682<\/td> flow:8f3f3aa1ab4a \u2192 port:tcp:25682<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-32c3b80c2cc69cbc:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-32c3b80c2cc69cbc \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:4eaa609c2624<\/td> flow:4eaa609c2624 \u2192 host:43.135.145.73 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:99a9f8b7c5b3:port:tcp:443<\/td> flow:99a9f8b7c5b3 \u2192 port:tcp:443<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-e7ac586ca0d0ef0f:SESSION-e7ac586ca0d0ef0f<\/td> SESSION-e7ac586ca0d0ef0f \u2192 pe:dns:SESSION-e7ac586ca0d0ef0f<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:199.16.157.181:asn:13414<\/td> host:199.16.157.181 \u2192 asn:13414<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-c13e61513d1b018d:flow:42f1c8ab98a8<\/td> SESSION-c13e61513d1b018d \u2192 flow:42f1c8ab98a8<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%<\/td> e:bsg:SESSION-1ca6064244966ba9:BSG-DATA_EXFIL-012d574517f4<\/td> SESSION-1ca6064244966ba9 \u2192 BSG-DATA_EXFIL-012d574517f4<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-fb43e37656185293:SESSION-fb43e37656185293<\/td> SESSION-fb43e37656185293 \u2192 pe:rst:SESSION-fb43e37656185293<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-1f6be4d567980bce:host:172.234.197.23<\/td> SESSION-1f6be4d567980bce \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-1f6be4d567980bce:host:2.57.122.192<\/td> SESSION-1f6be4d567980bce \u2192 host:2.57.122.192<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%<\/td> e:bsg:SESSION-01a793e8041caae3:BSG-DATA_EXFIL-6dd8484f3944<\/td> SESSION-01a793e8041caae3 \u2192 BSG-DATA_EXFIL-6dd8484f3944<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-e5b926505913cd4c:host:92.118.39.236:host:172.234.197.23<\/td> SESSION-e5b926505913cd4c \u2192 host:92.118.39.236 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-5b6e402ee019b6c1:host:172.234.197.23<\/td> SESSION-5b6e402ee019b6c1 \u2192 host:172.234.197.23<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:45.79.109.130:asn:63949<\/td> host:45.79.109.130 \u2192 asn:63949<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-03ccec65d79829da:host:8.222.219.23:host:172.234.197.23<\/td> SESSION-03ccec65d79829da \u2192 host:8.222.219.23 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-1ca6064244966ba9:host:172.234.197.23:host:97.139.12.85<\/td> SESSION-1ca6064244966ba9 \u2192 host:172.234.197.23 \u2192 host:97.139.12.85<\/td><\/tr> FLOW_TLS_SNIOBS<\/td> e:fs:flow:da7065edff23:tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td> flow:da7065edff23 \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:58.254.182.115:asn:136958<\/td> host:58.254.182.115 \u2192 asn:136958<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-5846cd006f1eacb7:host:45.79.109.130<\/td> SESSION-5846cd006f1eacb7 \u2192 host:45.79.109.130<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:rst:SESSION-01a793e8041caae3:SESSION-01a793e8041caae3<\/td> SESSION-01a793e8041caae3 \u2192 pe:rst:SESSION-01a793e8041caae3<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-ae4f295d1d4cff7e:host:172.234.197.23<\/td> SESSION-ae4f295d1d4cff7e \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-e5b926505913cd4c:host:172.234.197.23<\/td> SESSION-e5b926505913cd4c \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-bd11a50065a6cb7c:host:144.76.23.47<\/td> SESSION-bd11a50065a6cb7c \u2192 host:144.76.23.47<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-47d044a3990fe914:host:172.232.0.17<\/td> SESSION-47d044a3990fe914 \u2192 host:172.232.0.17<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:6f0c0a999555:port:tcp:60136<\/td> flow:6f0c0a999555 \u2192 port:tcp:60136<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-fe2be36828e6c4a2:host:172.232.0.17<\/td> SESSION-fe2be36828e6c4a2 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%<\/td> e:bsg:SESSION-e9f4a4a9c8d0d99f:BSG-DATA_EXFIL-c24d7cb3a7e4<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 BSG-DATA_EXFIL-c24d7cb3a7e4<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-8a981e11d869c723:host:172.234.197.23<\/td> SESSION-8a981e11d869c723 \u2192 host:172.234.197.23<\/td><\/tr> HOST_GEO_ESTIMATEOBS 60%<\/td> e:hg:host:199.16.157.182:geo_33.76970_-84.37540<\/td> host:199.16.157.182 \u2192 geo_33.76970_-84.37540<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-e5b926505913cd4c:host:92.118.39.236<\/td> SESSION-e5b926505913cd4c \u2192 host:92.118.39.236<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-4efa693f129e7ca6:host:66.228.53.204<\/td> SESSION-4efa693f129e7ca6 \u2192 host:66.228.53.204<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-c13e61513d1b018d:host:172.234.197.23<\/td> SESSION-c13e61513d1b018d \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TLS_SNIOBS<\/td> e:fs:flow:c51bf5b097ea:tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td> flow:c51bf5b097ea \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com<\/td><\/tr> PORT_IMPLIED_SERVICEIMP 70%<\/td> e:ps:port:tcp:22:svc:ssh<\/td> port:tcp:22 \u2192 svc:ssh<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:97.139.12.85:asn:6167<\/td> host:97.139.12.85 \u2192 asn:6167<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%<\/td> e:bsg:SESSION-72c3b3d3b2889ec2:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-72c3b3d3b2889ec2 \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-132c0a35e55eb362:host:172.234.197.23:host:23.234.69.80<\/td> SESSION-132c0a35e55eb362 \u2192 host:172.234.197.23 \u2192 host:23.234.69.80<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-8b6b3bfbd3509f3d:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-8b6b3bfbd3509f3d \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:2.57.122.192:asn:47890<\/td> host:2.57.122.192 \u2192 asn:47890<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-7f4ca9b0d8673927:host:172.232.0.17<\/td> SESSION-7f4ca9b0d8673927 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-01a793e8041caae3:SESSION-01a793e8041caae3<\/td> SESSION-01a793e8041caae3 \u2192 pe:tls:SESSION-01a793e8041caae3<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:8075:org:Microsoft Corporation<\/td> asn:8075 \u2192 org:Microsoft Corporation<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:42f1c8ab98a8:port:tcp:80<\/td> flow:42f1c8ab98a8 \u2192 port:tcp:80<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-c365d629ce285be9:host:172.234.197.23<\/td> SESSION-c365d629ce285be9 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-d2ebf88e7456c490:host:92.118.39.197<\/td> SESSION-d2ebf88e7456c490 \u2192 host:92.118.39.197<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:42f1c8ab98a8<\/td> flow:42f1c8ab98a8 \u2192 host:78.153.140.148 \u2192 host:172.234.197.23 \u2192 port:tcp:80 \u2192 svc:http<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:dns:SESSION-07867b4b46fa60d0:SESSION-07867b4b46fa60d0<\/td> SESSION-07867b4b46fa60d0 \u2192 pe:dns:SESSION-07867b4b46fa60d0<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-e15010a8a1e57ef1:host:172.234.197.23<\/td> SESSION-e15010a8a1e57ef1 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_FROM_HOSTOBS<\/td> e:from:SESSION-01a793e8041caae3:host:144.76.23.47<\/td> SESSION-01a793e8041caae3 \u2192 host:144.76.23.47<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-801986a05f874d44:host:172.234.197.23<\/td> SESSION-801986a05f874d44 \u2192 host:172.234.197.23<\/td><\/tr> flow_observed4-aryOBS<\/td> e:fo:flow:6f0c0a999555<\/td> flow:6f0c0a999555 \u2192 host:172.234.197.23 \u2192 host:97.139.12.85 \u2192 port:tcp:60136<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-72c3b3d3b2889ec2:flow:53418f626ce5<\/td> SESSION-72c3b3d3b2889ec2 \u2192 flow:53418f626ce5<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-549cd508c26f4eff:host:128.9.29.131:host:172.234.197.23<\/td> SESSION-549cd508c26f4eff \u2192 host:128.9.29.131 \u2192 host:172.234.197.23<\/td><\/tr> FLOW_TO_HOSTOBS<\/td> e:to:SESSION-e9f4a4a9c8d0d99f:host:172.234.197.23<\/td> SESSION-e9f4a4a9c8d0d99f \u2192 host:172.234.197.23<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:66bb27cf4c04<\/td> flow:66bb27cf4c04 \u2192 host:199.16.157.183 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> HOST_IN_ASNOBS 85%<\/td> e:ha:host:78.153.140.148:asn:202306<\/td> host:78.153.140.148 \u2192 asn:202306<\/td><\/tr> ASN_IN_ORGOBS 80%<\/td> e:ao:asn:45102:org:Alibaba US Technology Co., Ltd.<\/td> asn:45102 \u2192 org:Alibaba US Technology Co., Ltd.<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:991e601541a1:port:udp:53<\/td> flow:991e601541a1 \u2192 port:udp:53<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-137907a1c322972d:host:172.234.197.23<\/td> SESSION-137907a1c322972d \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-dbe1edd4efb49468:flow:1eaa2c354bb9<\/td> SESSION-dbe1edd4efb49468 \u2192 flow:1eaa2c354bb9<\/td><\/tr> SESSION_BETWEEN_HOSTS3-aryOBS<\/td> e:sbh:SESSION-fe2be36828e6c4a2:host:172.234.197.23:host:172.232.0.17<\/td> SESSION-fe2be36828e6c4a2 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-1ca6064244966ba9:host:172.234.197.23<\/td> SESSION-1ca6064244966ba9 \u2192 host:172.234.197.23<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-fe2be36828e6c4a2:flow:d3ab3699f29d<\/td> SESSION-fe2be36828e6c4a2 \u2192 flow:d3ab3699f29d<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-7f4ca9b0d8673927:PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td> SESSION-7f4ca9b0d8673927 \u2192 PCAP:DevOpsPage_20260423_1021pmCST:40cef681a237<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 85%<\/td> e:bsg:SESSION-124f188fc662f45b:BSG-DATA_EXFIL-e6f479c60e03<\/td> SESSION-124f188fc662f45b \u2192 BSG-DATA_EXFIL-e6f479c60e03<\/td><\/tr> SESSION_CONTAINS_EVENTOBS<\/td> e:pe:pe:tls:SESSION-5ae5c17cec58f583:SESSION-5ae5c17cec58f583<\/td> SESSION-5ae5c17cec58f583 \u2192 pe:tls:SESSION-5ae5c17cec58f583<\/td><\/tr> FLOW_DST_PORTOBS<\/td> e:fp:flow:d5c7343ffad3:port:udp:53<\/td> flow:d5c7343ffad3 \u2192 port:udp:53<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-f952d347444430eb:flow:b8c49dd508ec<\/td> SESSION-f952d347444430eb \u2192 flow:b8c49dd508ec<\/td><\/tr> SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td> e:bsg:SESSION-2d3d727470c1d931:BSG-BEACON-f6c2b3d0e42d<\/td> SESSION-2d3d727470c1d931 \u2192 BSG-BEACON-f6c2b3d0e42d<\/td><\/tr> SESSION_DERIVED_FROM_PCAPOBS<\/td> e:derived:SESSION-fe2be36828e6c4a2:PCAP:capture_20260424160001:21dcec78926d<\/td> SESSION-fe2be36828e6c4a2 \u2192 PCAP:capture_20260424160001:21dcec78926d<\/td><\/tr> SESSION_OBSERVED_FLOWOBS<\/td> e:sof:SESSION-ae4f295d1d4cff7e:flow:9f56a1b92a85<\/td> SESSION-ae4f295d1d4cff7e \u2192 flow:9f56a1b92a85<\/td><\/tr> flow_observed5-aryOBS<\/td> e:fo:flow:da7065edff23<\/td> flow:da7065edff23 \u2192 host:144.76.23.47 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr> SESSION_OBSERVED_HOSTOBS<\/td> e:soh:SESSION-f952d347444430eb:host:172.234.197.23<\/td> SESSION-f952d347444430eb \u2192 host:172.234.197.23<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"