{"id":6057,"date":"2026-05-18T21:50:00","date_gmt":"2026-05-18T21:50:00","guid":{"rendered":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/?page_id=6057"},"modified":"2026-05-18T23:03:21","modified_gmt":"2026-05-18T23:03:21","slug":"scythe-8af8785e-session-858ec5d25a7b6232","status":"publish","type":"page","link":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/?page_id=6057","title":{"rendered":"scythe-8af8785e SESSION-858ec5d25a7b6232"},"content":{"rendered":"\n
session-hypergraph-SESSION-858ec5d2<\/a>Download<\/a><\/div>\n\n\n\n

<\/p>\n\n\n\n

1<\/strong> PCAPs \u2022 79<\/strong> sessions \u2022 45<\/strong> hosts \u2022 29<\/strong> \ud83c\udf0d geolocated<\/p>\n\n\n\n

\u25b6 \ud83d\udcc4 cap_05182026_430pmCST.pcapng<\/p>\n\n\n\n

354.9 KB \u2022 79 sessions \u2022 UDP:30 TCP:45 ICMP:3 OTHER:1<\/p>\n\n\n\n

Paths: 25\nPhysical: 25\nSynthetic: 0\nCables: 8\nIX: 2\nConflicts: 0\nCSI: 0\nCascades: 0\n\ud83d\udc7b Phantoms: 0\nKill Chain: 0\nAS15169 \u2192 AS249403 hops \u00b7 0%\nAS15169 \u2192 AS3356 \u2192 AS24940\n8076 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE AS15169 \u2192 AS80753 hops \u00b7 0%\nAS15169 \u2192 AS3356 \u2192 AS8075\n\ud83d\udd17 AAG (Asia-America Gateway), JUPITER\n1722 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE AS15169 \u2192 AS541133 hops \u00b7 0%\nAS15169 \u2192 AS3356 \u2192 AS54113\n\ud83d\udd17 AAG (Asia-America Gateway), JUPITER\n560 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE AS15169 \u2192 AS80753 hops \u00b7 0%\nAS15169 \u2192 AS3356 \u2192 AS8075\n\ud83d\udd17 AAG (Asia-America Gateway), JUPITER\n928 km\n\u26a1 IX AS15169 \u2192 AS146183 hops \u00b7 0%\nAS15169 \u2192 AS3356 \u2192 AS14618\n\u26a1 Equinix Chicago\n1683 km\nAS15169 \u2192 AS80753 hops \u00b7 0%\nAS15169 \u2192 AS3356 \u2192 AS8075\n559 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE AS15169 \u2192 AS3969822 hops \u00b7 0%\nAS15169 \u2192 AS396982\n\ud83d\udd17 AAG (Asia-America Gateway), JUPITER\n320 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE AS24940 \u2192 AS80753 hops \u00b7 0%\nAS24940 \u2192 AS3356 \u2192 AS8075\n\ud83d\udd17 Grace Hopper\n7006 km\nAS24940 \u2192 AS541133 hops \u00b7 0%\nAS24940 \u2192 AS3356 \u2192 AS54113\n8451 km\nAS24940 \u2192 AS80753 hops \u00b7 0%\nAS24940 \u2192 AS3356 \u2192 AS8075\n8844 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE AS24940 \u2192 AS146183 hops \u00b7 0%\nAS24940 \u2192 AS3356 \u2192 AS14618\n\ud83d\udd17 Grace Hopper\n6536 km\nAS24940 \u2192 AS80753 hops \u00b7 0%\nAS24940 \u2192 AS3356 \u2192 AS8075\n7516 km\nAS24940 \u2192 AS3969823 hops \u00b7 0%\nAS24940 \u2192 AS3356 \u2192 AS396982\n7780 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE AS8075 \u2192 AS541133 hops \u00b7 0%\nAS8075 \u2192 AS3356 \u2192 AS54113\n\ud83d\udd17 AAG (Asia-America Gateway), JUPITER\n1735 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE\u26a1 IX AS8075 \u2192 AS146183 hops \u00b7 0%\nAS8075 \u2192 AS3356 \u2192 AS14618\n\ud83d\udd17 Grace Hopper, Firmina, Dunant, FLAG Atlantic-1, MAREA\n\u26a1 Equinix Ashburn\n779 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE\u26a1 IX AS8075 \u2192 AS3969823 hops \u00b7 0%\nAS8075 \u2192 AS3356 \u2192 AS396982\n\ud83d\udd17 AAG (Asia-America Gateway), JUPITER\n\u26a1 Equinix Chicago\n1444 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE AS54113 \u2192 AS80753 hops \u00b7 0%\nAS54113 \u2192 AS3356 \u2192 AS8075\n\ud83d\udd17 AAG (Asia-America Gateway), JUPITER\n406 km\n\u26a1 IX AS54113 \u2192 AS146183 hops \u00b7 0%\nAS54113 \u2192 AS3356 \u2192 AS14618\n\u26a1 Equinix Chicago\n1936 km\nAS54113 \u2192 AS80753 hops \u00b7 0%\nAS54113 \u2192 AS3356 \u2192 AS8075\n1021 km\n\u2713 PHYSICAL\ud83d\udd17 CABLE AS54113 \u2192 AS3969823 hops \u00b7 0%\nAS54113 \u2192 AS3356 \u2192 AS396982\n\ud83d\udd17 AAG (Asia-America Gateway), JUPITER\n731 km\n[6:02:09 PM] \u2713 25 paths \u00b7 0 synthetic<\/code><\/pre>\n\n\n\n
Kind<\/th>ID<\/th>Labels<\/th>Position<\/th><\/tr><\/thead>
asn<\/td>asn:54113<\/td>asn=54,113, org=Fastly, Inc.<\/td><\/td><\/tr>
asn<\/td>asn:24940<\/td>asn=24,940, org=Hetzner Online GmbH<\/td><\/td><\/tr>
asn<\/td>asn:397273<\/td>asn=397,273, org=Render<\/td><\/td><\/tr>
asn<\/td>asn:20940<\/td>asn=20,940, org=Akamai International B.V.<\/td><\/td><\/tr>
asn<\/td>asn:16509<\/td>asn=16,509, org=Amazon.com, Inc.<\/td><\/td><\/tr>
asn<\/td>asn:8075<\/td>asn=8,075, org=Microsoft Corporation<\/td><\/td><\/tr>
asn<\/td>asn:36236<\/td>asn=36,236, org=NetActuate, Inc<\/td><\/td><\/tr>
asn<\/td>asn:396982<\/td>asn=396,982, org=Google LLC<\/td><\/td><\/tr>
asn<\/td>asn:15169<\/td>asn=15,169, org=Google LLC<\/td><\/td><\/tr>
asn<\/td>asn:6167<\/td>asn=6,167, org=Verizon Business<\/td><\/td><\/tr>
asn<\/td>asn:14618<\/td>asn=14,618, org=Amazon.com, Inc.<\/td><\/td><\/tr>
behavior_group<\/td>BSG-DATA_EXFIL-e7f288856e4c<\/td>behavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=32594, dst_ip=, member_count=1, src_ip=209.177.156.94, summary=Exfil suspect: 209.177.156.94 \u2192 1 destinations, 32,594B total, max 32,594B\/session, total_bytes=32,594, total_packets=115, unique_hosts=1, unique_ports=0<\/td><\/td><\/tr>
behavior_group<\/td>BSG-BEACON-3fa1dca5627c<\/td>behavior=BEACON, confidence=0.9, detection_rationale=timing_cv=0.00 (\u22640.5); byte_cv=0.00 (\u22640.6), dst_ip=151.101.113.140, dst_port=443, interval_cv=0, mean_interval=0, member_count=3, src_ip=192.168.1.185, summary=Beacon: 192.168.1.185 \u2192 151.101.113.140:443, 3 sessions, interval CV=0.00, mean 121B, total_bytes=363, total_packets=6, unique_hosts=0, unique_ports=0<\/td><\/td><\/tr>
behavior_group<\/td>BSG-HORIZ_SCAN-cd2c52661c4b<\/td>behavior=HORIZ_SCAN, confidence=0.8, detection_rationale=unique_hosts=19; short_sessions=84%, dst_ip=, dst_port=443, member_count=31, src_ip=192.168.1.185, summary=Horizontal scan: 192.168.1.185 \u2192 19 hosts on port 443, 31 sessions, total_bytes=255,098, total_packets=442, unique_hosts=19, unique_ports=0<\/td><\/td><\/tr>
behavior_group<\/td>BSG-DATA_EXFIL-78b438a917b5<\/td>behavior=DATA_EXFIL, confidence=0.95, detection_rationale=total_bytes=207718; large_volume (\u2265100KB); high_rate (67388 B\/s); repeated (5 sessions), dst_ip=, member_count=5, src_ip=192.168.1.185, summary=Exfil suspect: 192.168.1.185 \u2192 4 destinations, 207,718B total, max 141,514B\/session, total_bytes=207,718, total_packets=246, unique_hosts=4, unique_ports=0<\/td><\/td><\/tr>
behavior_group<\/td>BSG-BEACON-4bc57cbec7cd<\/td>behavior=BEACON, confidence=0.9, detection_rationale=timing_cv=0.00 (\u22640.5); byte_cv=0.41 (\u22640.6), dst_ip=192.168.1.1, dst_port=46,407, interval_cv=0, mean_interval=0, member_count=3, src_ip=192.168.1.185, summary=Beacon: 192.168.1.185 \u2192 192.168.1.1:46407, 3 sessions, interval CV=0.00, mean 2713B, total_bytes=8,138, total_packets=32, unique_hosts=0, unique_ports=0<\/td><\/td><\/tr>
dns_name<\/td>dns:wpad.mynetworksettings.com<\/td>answer_count=0, qname=wpad.mynetworksettings.com<\/td><\/td><\/tr>
dns_name<\/td>dns:bat.bing.com<\/td>answer_count=4, qname=bat.bing.com<\/td><\/td><\/tr>
dns_name<\/td>dns:signaler-pa.clients6.google.com<\/td>answer_count=1, qname=signaler-pa.clients6.google.com<\/td><\/td><\/tr>
dns_name<\/td>dns:browser.events.data.microsoft.com<\/td>answer_count=3, qname=browser.events.data.microsoft.com<\/td><\/td><\/tr>
dns_name<\/td>dns:ctldl.windowsupdate.com<\/td>answer_count=8, qname=ctldl.windowsupdate.com<\/td><\/td><\/tr>
dns_name<\/td>dns:remotedesktop-pa.googleapis.com<\/td>answer_count=9, qname=remotedesktop-pa.googleapis.com<\/td><\/td><\/tr>
dns_name<\/td>dns:chatgpt.com<\/td>answer_count=6, qname=chatgpt.com<\/td><\/td><\/tr>
dns_name<\/td>dns:copilot.microsoft.com<\/td>answer_count=4, qname=copilot.microsoft.com<\/td><\/td><\/tr>
flow<\/td>flow:f25397a8d5d5<\/td>bytes=11,087, dst_ip=104.18.32.47, dst_port=443, pkts=18, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:478de54cd94a<\/td>bytes=498, dst_ip=97.178.32.239, dst_port=31,036, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:abe950115ba3<\/td>bytes=121, dst_ip=13.107.226.57, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:9d482c927ad5<\/td>bytes=1,924, dst_ip=192.200.0.112, dst_port=443, pkts=5, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:027ad06c15d5<\/td>bytes=321, dst_ip=192.168.1.185, dst_port=55,880, pkts=5, proto=tcp, src_ip=104.18.36.216<\/td><\/td><\/tr>
flow<\/td>flow:e36e1209129d<\/td>bytes=228, dst_ip=192.168.1.185, dst_port=51,049, pkts=3, proto=tcp, src_ip=216.24.57.251<\/td><\/td><\/tr>
flow<\/td>flow:c65476284ea0<\/td>bytes=321, dst_ip=192.168.1.185, dst_port=61,509, pkts=5, proto=tcp, src_ip=162.159.128.61<\/td><\/td><\/tr>
flow<\/td>flow:189be888c3af<\/td>bytes=13,297, dst_ip=104.18.23.222, dst_port=443, pkts=21, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:bab9257727f6<\/td>bytes=137, dst_ip=23.219.160.5, dst_port=443, pkts=2, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:b41e05b0f148<\/td>bytes=156, dst_ip=209.177.158.246, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:f6fc82e11042<\/td>bytes=218, dst_ip=192.168.1.1, dst_port=5,351, pkts=4, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:660ca437efa1<\/td>bytes=1,712, dst_ip=192.168.1.1, dst_port=53, pkts=14, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:779733f74ceb<\/td>bytes=441, dst_ip=104.208.203.89, dst_port=443, pkts=4, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:4eed5ff51111<\/td>bytes=1,782, dst_ip=192.168.1.1, dst_port=46,407, pkts=10, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:4ac806f4d834<\/td>bytes=422, dst_ip=20.62.59.32, dst_port=443, pkts=6, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:ef26bc2c964d<\/td>bytes=321, dst_ip=192.168.1.185, dst_port=62,104, pkts=5, proto=tcp, src_ip=172.64.151.22<\/td><\/td><\/tr>
flow<\/td>flow:21a678dc75de<\/td>bytes=1,951, dst_ip=199.165.136.100, dst_port=443, pkts=6, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:a25fcb74f721<\/td>bytes=228, dst_ip=192.168.1.185, dst_port=58,631, pkts=3, proto=tcp, src_ip=216.24.57.7<\/td><\/td><\/tr>
flow<\/td>flow:7395be855a32<\/td>bytes=3,492, dst_ip=192.168.1.185, dst_port=0, pkts=18, proto=icmp, src_ip=97.178.32.239<\/td><\/td><\/tr>
flow<\/td>flow:0523b90826b8<\/td>bytes=193, dst_ip=192.168.1.185, dst_port=51,645, pkts=2, proto=tcp, src_ip=192.200.0.112<\/td><\/td><\/tr>
flow<\/td>flow:cb933110cf94<\/td>bytes=5,086, dst_ip=199.165.136.100, dst_port=443, pkts=25, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:df281449ac19<\/td>bytes=1,164, dst_ip=192.168.1.185, dst_port=0, pkts=6, proto=icmp, src_ip=97.178.32.239<\/td><\/td><\/tr>
flow<\/td>flow:46c89f86a16a<\/td>bytes=245, dst_ip=23.219.160.5, dst_port=443, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:00f4e10d6ac7<\/td>bytes=2,508, dst_ip=192.168.1.185, dst_port=43,844, pkts=15, proto=tcp, src_ip=209.177.156.94<\/td><\/td><\/tr>
flow<\/td>flow:9cc54a60d88a<\/td>bytes=4,440, dst_ip=192.168.1.185, dst_port=54,986, pkts=5, proto=tcp, src_ip=167.235.217.196<\/td><\/td><\/tr>
flow<\/td>flow:300bb0be41cf<\/td>bytes=121, dst_ip=151.101.113.140, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:03d3562fa35f<\/td>bytes=498, dst_ip=97.178.32.239, dst_port=52,243, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:ab2fda60ec38<\/td>bytes=121, dst_ip=150.171.28.10, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:7fc08133133d<\/td>bytes=498, dst_ip=172.19.0.1, dst_port=44,244, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:26faad66f81e<\/td>bytes=498, dst_ip=172.18.0.1, dst_port=44,244, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:4f5810e72704<\/td>bytes=156, dst_ip=192.73.244.245, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:007f4ea11c64<\/td>bytes=121, dst_ip=135.234.174.40, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:82ce7409c0ca<\/td>bytes=893, dst_ip=151.101.114.172, dst_port=80, pkts=7, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:df1c396b8733<\/td>bytes=306, dst_ip=192.168.1.185, dst_port=51,966, pkts=5, proto=tcp, src_ip=23.213.232.172<\/td><\/td><\/tr>
flow<\/td>flow:f5abaef54664<\/td>bytes=4,269, dst_ip=192.168.1.1, dst_port=46,407, pkts=12, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:481a8cb33c5b<\/td>bytes=230, dst_ip=192.168.1.1, dst_port=5,351, pkts=4, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:a3f08c1df1f5<\/td>bytes=30,133, dst_ip=192.73.248.83, dst_port=443, pkts=96, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:c0b4f157e073<\/td>bytes=121, dst_ip=34.111.31.13, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:dc8e0c394478<\/td>bytes=410, dst_ip=192.168.1.1, dst_port=53, pkts=4, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:1fbee9feb06d<\/td>bytes=321, dst_ip=192.168.1.185, dst_port=51,146, pkts=5, proto=tcp, src_ip=104.18.1.62<\/td><\/td><\/tr>
flow<\/td>flow:d479ce3b7365<\/td>bytes=141, dst_ip=192.168.1.185, dst_port=54,629, pkts=2, proto=tcp, src_ip=52.110.6.13<\/td><\/td><\/tr>
flow<\/td>flow:bf7a9427297d<\/td>bytes=1,621, dst_ip=192.168.1.1, dst_port=0, pkts=5, proto=icmp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:05b4e5b174c0<\/td>bytes=3,585, dst_ip=192.168.1.185, dst_port=54,986, pkts=4, proto=tcp, src_ip=167.235.217.196<\/td><\/td><\/tr>
flow<\/td>flow:341692033057<\/td>bytes=498, dst_ip=97.178.32.239, dst_port=41,641, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:5b983251f483<\/td>bytes=1,002, dst_ip=192.168.1.185, dst_port=52,133, pkts=14, proto=tcp, src_ip=104.18.22.222<\/td><\/td><\/tr>
flow<\/td>flow:0c699e4ab5c4<\/td>bytes=822, dst_ip=192.168.1.1, dst_port=53, pkts=6, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:d658b18ff560<\/td>bytes=120, dst_ip=224.0.0.22, dst_port=0, pkts=2, proto=other, src_ip=192.168.1.165<\/td><\/td><\/tr>
flow<\/td>flow:bf8f4a131249<\/td>bytes=498, dst_ip=172.17.0.1, dst_port=44,244, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:a912cd07306b<\/td>bytes=498, dst_ip=172.29.16.1, dst_port=41,641, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:c378386f9a22<\/td>bytes=3,906, dst_ip=150.171.28.10, dst_port=443, pkts=11, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:65175f124256<\/td>bytes=642, dst_ip=199.165.136.100, dst_port=443, pkts=4, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:7986b2093729<\/td>bytes=11,687, dst_ip=104.18.32.47, dst_port=443, pkts=21, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:51a92af49050<\/td>bytes=121, dst_ip=76.76.21.22, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:d84a13678d67<\/td>bytes=8,541, dst_ip=142.250.113.95, dst_port=443, pkts=20, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:dd3dd13e1b60<\/td>bytes=156, dst_ip=209.177.158.246, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:495f7c8d94fd<\/td>bytes=32,594, dst_ip=192.168.1.185, dst_port=43,844, pkts=115, proto=tcp, src_ip=209.177.156.94<\/td><\/td><\/tr>
flow<\/td>flow:e34282443dab<\/td>bytes=1,532, dst_ip=142.250.115.95, dst_port=443, pkts=11, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:1cae684ccaf1<\/td>bytes=121, dst_ip=35.190.80.1, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:a42e7b1c53d5<\/td>bytes=156, dst_ip=209.177.156.94, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:7be9da9aa76d<\/td>bytes=141,514, dst_ip=52.182.143.215, dst_port=443, pkts=90, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:60dd2a974649<\/td>bytes=230, dst_ip=192.168.1.1, dst_port=5,351, pkts=4, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:65c7de267840<\/td>bytes=218, dst_ip=192.168.1.1, dst_port=5,351, pkts=4, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:0380e0cd29dc<\/td>bytes=220, dst_ip=192.168.1.185, dst_port=52,640, pkts=3, proto=tcp, src_ip=104.18.39.21<\/td><\/td><\/tr>
flow<\/td>flow:f79c1639a1f7<\/td>bytes=498, dst_ip=97.178.32.239, dst_port=11,130, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:f3b81336df74<\/td>bytes=121, dst_ip=151.101.112.217, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:f19ee6508782<\/td>bytes=220, dst_ip=192.168.1.185, dst_port=58,457, pkts=3, proto=tcp, src_ip=104.18.39.21<\/td><\/td><\/tr>
flow<\/td>flow:46f60ddc23a2<\/td>bytes=2,087, dst_ip=192.168.1.1, dst_port=46,407, pkts=10, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:62d01d1bf747<\/td>bytes=156, dst_ip=192.73.243.135, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:fdf049da8b14<\/td>bytes=156, dst_ip=209.177.156.94, dst_port=3,478, pkts=2, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:6fe67514daf4<\/td>bytes=2,238, dst_ip=192.73.248.83, dst_port=443, pkts=13, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:3d20532e84ed<\/td>bytes=9,890, dst_ip=23.219.160.5, dst_port=443, pkts=40, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:919c57e90236<\/td>bytes=8,434, dst_ip=142.250.115.95, dst_port=443, pkts=21, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:c44b4fd56f98<\/td>bytes=298, dst_ip=192.168.1.185, dst_port=60,920, pkts=4, proto=udp, src_ip=216.239.32.223<\/td><\/td><\/tr>
flow<\/td>flow:137f07aaadb4<\/td>bytes=498, dst_ip=97.178.32.239, dst_port=41,641, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:d83699920b5b<\/td>bytes=121, dst_ip=151.101.113.140, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:682d5368c69e<\/td>bytes=498, dst_ip=97.178.32.239, dst_port=1,050, pkts=3, proto=udp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:eb3b47352f67<\/td>bytes=121, dst_ip=151.101.113.140, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:9aa8161296f7<\/td>bytes=660, dst_ip=199.165.136.100, dst_port=443, pkts=3, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
flow<\/td>flow:5a246bdf60e4<\/td>bytes=121, dst_ip=135.234.174.40, dst_port=443, pkts=2, proto=tcp, src_ip=192.168.1.185<\/td><\/td><\/tr>
geo_point<\/td>geo_34.05440_-118.24400<\/td>city=Los Angeles, country=US<\/td>[34.0544, -118.2440, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_29.42270_-98.49270<\/td>city=San Antonio, country=US<\/td>[29.4227, -98.4927, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_29.75390_-95.35900<\/td>city=Houston, country=US<\/td>[29.7539, -95.3590, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_34.02330_-117.85120<\/td>city=Walnut, country=US<\/td>[34.0233, -117.8512, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_38.70950_-78.15390<\/td>city=Washington, country=US<\/td>[38.7095, -78.1539, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_41.88350_-87.63050<\/td>city=Chicago, country=US<\/td>[41.8835, -87.6305, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_37.75100_-97.82200<\/td>city=, country=US<\/td>[37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_43.63190_-79.37160<\/td>city=, country=CA<\/td>[43.6319, -79.3716, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_36.66940_-78.38770<\/td>city=Boydton, country=US<\/td>[36.6694, -78.3877, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_29.82840_-95.46960<\/td>city=Houston, country=US<\/td>[29.8284, -95.4696, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_39.10270_-94.57780<\/td>city=Kansas City, country=US<\/td>[39.1027, -94.5778, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_32.77970_-96.80220<\/td>city=Dallas, country=US<\/td>[32.7797, -96.8022, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_50.47770_12.36490<\/td>city=Falkenstein, country=DE<\/td>[50.4777, 12.3649, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_41.60150_-93.61270<\/td>city=Des Moines, country=US<\/td>[41.6015, -93.6127, 0.0000] \ud83c\udf10<\/td><\/tr>
geo_point<\/td>geo_25.77010_-80.19280<\/td>city=Miami, country=US<\/td>[25.7701, -80.1928, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:104.18.39.21<\/td>bytes=220, ip=104.18.39.21<\/td><\/td><\/tr>
host<\/td>host:52.182.143.215<\/td>bytes=141,514, city=Des Moines, country=US, ip=52.182.143.215, org=Microsoft Corporation<\/td>[41.6015, -93.6127, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:104.18.23.222<\/td>bytes=13,297, ip=104.18.23.222<\/td><\/td><\/tr>
host<\/td>host:52.110.6.13<\/td>bytes=141, city=San Antonio, country=US, ip=52.110.6.13, org=Microsoft Corporation<\/td>[29.4227, -98.4927, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:104.18.1.62<\/td>bytes=321, ip=104.18.1.62<\/td><\/td><\/tr>
host<\/td>host:192.168.1.165<\/td>bytes=120, ip=192.168.1.165<\/td><\/td><\/tr>
host<\/td>host:216.24.57.251<\/td>bytes=228, city=, country=US, ip=216.24.57.251, org=Render<\/td>[37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:167.235.217.196<\/td>bytes=3,585, city=Falkenstein, country=DE, ip=167.235.217.196, org=Hetzner Online GmbH<\/td>[50.4777, 12.3649, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:13.107.226.57<\/td>bytes=121, city=, country=US, ip=13.107.226.57, org=Microsoft Corporation<\/td>[37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:97.178.32.239<\/td>bytes=3,492, city=Houston, country=US, ip=97.178.32.239, org=Verizon Business<\/td>[29.8284, -95.4696, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:192.200.0.112<\/td>bytes=1,924, city=, country=CA, ip=192.200.0.112, org=Amazon.com, Inc.<\/td>[43.6319, -79.3716, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:23.219.160.5<\/td>bytes=9,890, city=Houston, country=US, ip=23.219.160.5, org=Akamai International B.V.<\/td>[29.7539, -95.3590, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:192.168.1.1<\/td>bytes=2,087, ip=192.168.1.1<\/td><\/td><\/tr>
host<\/td>host:162.159.128.61<\/td>bytes=321, ip=162.159.128.61<\/td><\/td><\/tr>
host<\/td>host:172.18.0.1<\/td>bytes=498, ip=172.18.0.1<\/td><\/td><\/tr>
host<\/td>host:23.213.232.172<\/td>bytes=306, city=Dallas, country=US, ip=23.213.232.172, org=Akamai International B.V.<\/td>[32.7797, -96.8022, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:151.101.114.172<\/td>bytes=893, city=Dallas, country=US, ip=151.101.114.172, org=Fastly, Inc.<\/td>[32.7797, -96.8022, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:192.73.243.135<\/td>bytes=156, city=Miami, country=US, ip=192.73.243.135, org=NetActuate, Inc<\/td>[25.7701, -80.1928, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:216.239.32.223<\/td>bytes=298, city=, country=US, ip=216.239.32.223, org=Google LLC<\/td>[37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:192.73.244.245<\/td>bytes=156, city=Los Angeles, country=US, ip=192.73.244.245, org=NetActuate, Inc<\/td>[34.0544, -118.2440, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:172.19.0.1<\/td>bytes=498, ip=172.19.0.1<\/td><\/td><\/tr>
host<\/td>host:172.64.151.22<\/td>bytes=321, ip=172.64.151.22<\/td><\/td><\/tr>
host<\/td>host:135.234.174.40<\/td>bytes=121, city=Washington, country=US, ip=135.234.174.40, org=Microsoft Corporation<\/td>[38.7095, -78.1539, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:216.24.57.7<\/td>bytes=228, city=, country=US, ip=216.24.57.7, org=Render<\/td>[37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:104.18.36.216<\/td>bytes=321, ip=104.18.36.216<\/td><\/td><\/tr>
host<\/td>host:150.171.28.10<\/td>bytes=121, city=, country=US, ip=150.171.28.10, org=Microsoft Corporation<\/td>[37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:209.177.158.246<\/td>bytes=156, city=Chicago, country=US, ip=209.177.158.246, org=NetActuate, Inc<\/td>[41.8835, -87.6305, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:192.168.1.185<\/td>bytes=3,585, ip=192.168.1.185<\/td><\/td><\/tr>
host<\/td>host:104.18.32.47<\/td>bytes=11,687, ip=104.18.32.47<\/td><\/td><\/tr>
host<\/td>host:104.208.203.89<\/td>bytes=441, city=Boydton, country=US, ip=104.208.203.89, org=Microsoft Corporation<\/td>[36.6694, -78.3877, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:34.111.31.13<\/td>bytes=121, city=Kansas City, country=US, ip=34.111.31.13, org=Google LLC<\/td>[39.1027, -94.5778, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:104.18.22.222<\/td>bytes=1,002, ip=104.18.22.222<\/td><\/td><\/tr>
host<\/td>host:199.165.136.100<\/td>bytes=1,951, city=, country=CA, ip=199.165.136.100, org=Amazon.com, Inc.<\/td>[43.6319, -79.3716, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:151.101.113.140<\/td>bytes=121, city=Dallas, country=US, ip=151.101.113.140, org=Fastly, Inc.<\/td>[32.7797, -96.8022, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:142.250.113.95<\/td>bytes=8,541, city=, country=US, ip=142.250.113.95, org=Google LLC<\/td>[37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:142.250.115.95<\/td>bytes=1,532, city=, country=US, ip=142.250.115.95, org=Google LLC<\/td>[37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:172.29.16.1<\/td>bytes=498, ip=172.29.16.1<\/td><\/td><\/tr>
host<\/td>host:224.0.0.22<\/td>bytes=120, ip=224.0.0.22<\/td><\/td><\/tr>
host<\/td>host:192.73.248.83<\/td>bytes=30,133, city=Dallas, country=US, ip=192.73.248.83, org=NetActuate, Inc<\/td>[32.7797, -96.8022, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:172.17.0.1<\/td>bytes=498, ip=172.17.0.1<\/td><\/td><\/tr>
host<\/td>host:151.101.112.217<\/td>bytes=121, city=Dallas, country=US, ip=151.101.112.217, org=Fastly, Inc.<\/td>[32.7797, -96.8022, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:76.76.21.22<\/td>bytes=121, city=Walnut, country=US, ip=76.76.21.22, org=Amazon.com, Inc.<\/td>[34.0233, -117.8512, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:20.62.59.32<\/td>bytes=422, city=Boydton, country=US, ip=20.62.59.32, org=Microsoft Corporation<\/td>[36.6694, -78.3877, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:209.177.156.94<\/td>bytes=156, city=Dallas, country=US, ip=209.177.156.94, org=NetActuate, Inc<\/td>[32.7797, -96.8022, 0.0000] \ud83c\udf10<\/td><\/tr>
host<\/td>host:35.190.80.1<\/td>bytes=121, city=, country=US, ip=35.190.80.1, org=Google LLC<\/td>[37.7510, -97.8220, 0.0000] \ud83c\udf10<\/td><\/tr>
http_host<\/td>http_host:ctldl.windowsupdate.com<\/td>host=ctldl.windowsupdate.com<\/td><\/td><\/tr>
org<\/td>org:Akamai International B.V.<\/td>name=Akamai International B.V.<\/td><\/td><\/tr>
org<\/td>org:Fastly, Inc.<\/td>name=Fastly, Inc.<\/td><\/td><\/tr>
org<\/td>org:Hetzner Online GmbH<\/td>name=Hetzner Online GmbH<\/td><\/td><\/tr>
org<\/td>org:Amazon.com, Inc.<\/td>name=Amazon.com, Inc.<\/td><\/td><\/tr>
org<\/td>org:Render<\/td>name=Render<\/td><\/td><\/tr>
org<\/td>org:Google LLC<\/td>name=Google LLC<\/td><\/td><\/tr>
org<\/td>org:NetActuate, Inc<\/td>name=NetActuate, Inc<\/td><\/td><\/tr>
org<\/td>org:Microsoft Corporation<\/td>name=Microsoft Corporation<\/td><\/td><\/tr>
org<\/td>org:Verizon Business<\/td>name=Verizon Business<\/td><\/td><\/tr>
pcap_artifact<\/td>PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>file_size=363,452, filename=cap_05182026_430pmCST.pcapng, ingested_at=2026-05-18T21:41:28.697945+00:00<\/td><\/td><\/tr>
port_hub<\/td>port:udp:5351<\/td>port=5,351, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:61509<\/td>port=61,509, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:3478<\/td>port=3,478, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:58457<\/td>port=58,457, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:60920<\/td>port=60,920, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:55880<\/td>port=55,880, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:54629<\/td>port=54,629, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:443<\/td>port=443, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:443<\/td>port=443, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:41641<\/td>port=41,641, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:52640<\/td>port=52,640, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:51146<\/td>port=51,146, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:51966<\/td>port=51,966, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:52133<\/td>port=52,133, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:80<\/td>port=80, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:58631<\/td>port=58,631, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:54986<\/td>port=54,986, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:31036<\/td>port=31,036, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:52243<\/td>port=52,243, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:62104<\/td>port=62,104, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:44244<\/td>port=44,244, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:1050<\/td>port=1,050, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:51049<\/td>port=51,049, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:46407<\/td>port=46,407, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:43844<\/td>port=43,844, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:tcp:51645<\/td>port=51,645, proto=tcp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:11130<\/td>port=11,130, proto=udp<\/td><\/td><\/tr>
port_hub<\/td>port:udp:53<\/td>port=53, proto=udp<\/td><\/td><\/tr>
protocol_event<\/td>pe:dns:SESSION-58f9cafe500f64ad<\/td>event_type=DNS_EXCHANGE, query_count=14, session=SESSION-58f9cafe500f64ad<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-b7d90a2138968fa3<\/td>event_type=TLS_SESSION, packet_count=115, session=SESSION-b7d90a2138968fa3<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-de97a19f0937505c<\/td>event_type=TLS_SESSION, packet_count=5, session=SESSION-de97a19f0937505c<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-e53f703ab7b48a77<\/td>event_type=TLS_SESSION, packet_count=3, session=SESSION-e53f703ab7b48a77<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-5673cdc8e15ecc28<\/td>event_type=TLS_SESSION, packet_count=5, session=SESSION-5673cdc8e15ecc28<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-05305b96b26cdffd<\/td>event_type=TLS_SESSION, packet_count=3, session=SESSION-05305b96b26cdffd<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-787a71cfd2c6f769<\/td>event_type=TLS_SESSION, packet_count=5, session=SESSION-787a71cfd2c6f769<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-e565a4fbf5cff09b<\/td>event_type=TLS_SESSION, packet_count=13, session=SESSION-e565a4fbf5cff09b<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-934baa2aae663ceb<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-934baa2aae663ceb<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-cbcc97483386b4f3<\/td>event_type=TLS_SESSION, packet_count=21, session=SESSION-cbcc97483386b4f3<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-c8f5f362e7c0c5c8<\/td>event_type=TLS_SESSION, packet_count=3, session=SESSION-c8f5f362e7c0c5c8<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-2014bf32e6dab59e<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-2014bf32e6dab59e<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-99947e3aab494326<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-99947e3aab494326<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-055fd962754012c2<\/td>event_type=TLS_SESSION, packet_count=4, session=SESSION-055fd962754012c2<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-9c845bfb2b534b59<\/td>event_type=TLS_SESSION, packet_count=11, session=SESSION-9c845bfb2b534b59<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-bc4350b5c6d66f3f<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-bc4350b5c6d66f3f<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-184b3698d564c9c7<\/td>event_type=TLS_SESSION, packet_count=3, session=SESSION-184b3698d564c9c7<\/td><\/td><\/tr>
protocol_event<\/td>pe:syn:SESSION-06fade4febc8462c<\/td>count=2, event_type=TCP_SYN, session=SESSION-06fade4febc8462c<\/td><\/td><\/tr>
protocol_event<\/td>pe:syn:SESSION-81e5b5be161de125<\/td>count=2, event_type=TCP_SYN, session=SESSION-81e5b5be161de125<\/td><\/td><\/tr>
protocol_event<\/td>pe:syn:SESSION-9b68d4601d0ccd30<\/td>count=2, event_type=TCP_SYN, session=SESSION-9b68d4601d0ccd30<\/td><\/td><\/tr>
protocol_event<\/td>pe:dns:SESSION-68666b77cce29d40<\/td>event_type=DNS_EXCHANGE, query_count=6, session=SESSION-68666b77cce29d40<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-36cd4459caa078a9<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-36cd4459caa078a9<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-e881aa680da5dbf3<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-e881aa680da5dbf3<\/td><\/td><\/tr>
protocol_event<\/td>pe:syn:SESSION-8394aca80c2a0790<\/td>count=2, event_type=TCP_SYN, session=SESSION-8394aca80c2a0790<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-65a9e51617aa2712<\/td>event_type=TLS_SESSION, packet_count=6, session=SESSION-65a9e51617aa2712<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-9dab8edd40d14d9d<\/td>event_type=TLS_SESSION, packet_count=3, session=SESSION-9dab8edd40d14d9d<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-348feef1c6ca6285<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-348feef1c6ca6285<\/td><\/td><\/tr>
protocol_event<\/td>pe:dns:SESSION-08bfd8721a383a39<\/td>event_type=DNS_EXCHANGE, query_count=4, session=SESSION-08bfd8721a383a39<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-7b2b00e0ceb88c09<\/td>event_type=TLS_SESSION, packet_count=6, session=SESSION-7b2b00e0ceb88c09<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-741380b5a9a3a6c7<\/td>event_type=TLS_SESSION, packet_count=5, session=SESSION-741380b5a9a3a6c7<\/td><\/td><\/tr>
protocol_event<\/td>pe:syn:SESSION-83d0b20751c23f69<\/td>count=2, event_type=TCP_SYN, session=SESSION-83d0b20751c23f69<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-e6ad21d692182871<\/td>event_type=TLS_SESSION, packet_count=25, session=SESSION-e6ad21d692182871<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-8394aca80c2a0790<\/td>event_type=TLS_SESSION, packet_count=90, session=SESSION-8394aca80c2a0790<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-04dc5a38b6cabcef<\/td>event_type=TLS_SESSION, packet_count=4, session=SESSION-04dc5a38b6cabcef<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-8fd6ad39adf47a18<\/td>event_type=TLS_SESSION, packet_count=5, session=SESSION-8fd6ad39adf47a18<\/td><\/td><\/tr>
protocol_event<\/td>pe:syn:SESSION-21bfec774060aafb<\/td>count=2, event_type=TCP_SYN, session=SESSION-21bfec774060aafb<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-a019cb392bc23a7a<\/td>event_type=TLS_SESSION, packet_count=4, session=SESSION-a019cb392bc23a7a<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-0e59fb5fe4c720df<\/td>event_type=TLS_SESSION, packet_count=15, session=SESSION-0e59fb5fe4c720df<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-d146af26ba988e06<\/td>event_type=TLS_SESSION, packet_count=18, session=SESSION-d146af26ba988e06<\/td><\/td><\/tr>
protocol_event<\/td>pe:syn:SESSION-cbcc97483386b4f3<\/td>count=2, event_type=TCP_SYN, session=SESSION-cbcc97483386b4f3<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-06fade4febc8462c<\/td>event_type=TLS_SESSION, packet_count=21, session=SESSION-06fade4febc8462c<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-9c85e6a530e7f20f<\/td>event_type=TLS_SESSION, packet_count=5, session=SESSION-9c85e6a530e7f20f<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-200a1edeb5081c1b<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-200a1edeb5081c1b<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-b7338ba843b2dafa<\/td>event_type=TLS_SESSION, packet_count=96, session=SESSION-b7338ba843b2dafa<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-dabcbf693ac9fbef<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-dabcbf693ac9fbef<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-423d6f8fa2a9f7bc<\/td>event_type=TLS_SESSION, packet_count=5, session=SESSION-423d6f8fa2a9f7bc<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-502ccca87ddbbb24<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-502ccca87ddbbb24<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-441bb1af5ec88ffb<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-441bb1af5ec88ffb<\/td><\/td><\/tr>
protocol_event<\/td>pe:syn:SESSION-d146af26ba988e06<\/td>count=2, event_type=TCP_SYN, session=SESSION-d146af26ba988e06<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-ea1d23994577309a<\/td>event_type=TLS_SESSION, packet_count=14, session=SESSION-ea1d23994577309a<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-c4d9c40a7fec56be<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-c4d9c40a7fec56be<\/td><\/td><\/tr>
protocol_event<\/td>pe:tls:SESSION-fa034e5132aecf5b<\/td>event_type=TLS_SESSION, packet_count=2, session=SESSION-fa034e5132aecf5b<\/td><\/td><\/tr>
service<\/td>svc:https<\/td>name=https<\/td><\/td><\/tr>
service<\/td>svc:dns<\/td>name=dns<\/td><\/td><\/tr>
service<\/td>svc:http<\/td>name=http<\/td><\/td><\/tr>
session<\/td>SESSION-e53f703ab7b48a77<\/td>dst_ip=199.165.136.100, dst_port=443, duration_sec=0.08, end_time=1,779,139,830.569, expected_protocol=https, packet_count=3, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=45,590, start_time=1,779,139,830.489, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=660, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-83d0b20751c23f69<\/td>dst_ip=192.168.1.1, dst_port=46,407, duration_sec=0.02, end_time=1,779,139,815.162, expected_protocol=unregistered:46407, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=45,124, start_time=1,779,139,815.137, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=1,782, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-9dab8edd40d14d9d<\/td>dst_ip=192.168.1.185, dst_port=58,457, duration_sec=0.04, end_time=1,779,139,831.127, expected_protocol=unregistered:58457, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.39.21, src_port=443, start_time=1,779,139,831.082, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=220, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-e6729d0ebc579395<\/td>dst_ip=97.178.32.239, dst_port=41,641, duration_sec=10.55, end_time=1,779,139,824.498, expected_protocol=unregistered:41641, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,813.948, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-2014bf32e6dab59e<\/td>dst_ip=151.101.113.140, dst_port=443, duration_sec=0.03, end_time=1,779,139,829.188, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=61,648, start_time=1,779,139,829.157, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-200a1edeb5081c1b<\/td>dst_ip=192.168.1.185, dst_port=54,629, duration_sec=0.05, end_time=1,779,139,824.265, expected_protocol=unregistered:54629, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=52.110.6.13, src_port=443, start_time=1,779,139,824.216, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=141, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-604f49b2ccac8492<\/td>dst_ip=97.178.32.239, dst_port=52,243, duration_sec=10.55, end_time=1,779,139,824.457, expected_protocol=unregistered:52243, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-5419af02605f5da4<\/td>dst_ip=97.178.32.239, dst_port=41,641, duration_sec=10.55, end_time=1,779,139,824.457, expected_protocol=unregistered:41641, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-741380b5a9a3a6c7<\/td>dst_ip=192.168.1.185, dst_port=62,104, duration_sec=0.03, end_time=1,779,139,825.023, expected_protocol=unregistered:62104, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.64.151.22, src_port=443, start_time=1,779,139,824.993, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=321, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-184b3698d564c9c7<\/td>dst_ip=192.168.1.185, dst_port=58,631, duration_sec=0.03, end_time=1,779,139,818.715, expected_protocol=unregistered:58631, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=216.24.57.7, src_port=443, start_time=1,779,139,818.689, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=228, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-e565a4fbf5cff09b<\/td>dst_ip=192.73.248.83, dst_port=443, duration_sec=0.77, end_time=1,779,139,832.674, expected_protocol=https, packet_count=13, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=49,982, start_time=1,779,139,831.906, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=2,238, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-858ec5d25a7b6232<\/td>dst_ip=97.178.32.239, dst_port=11,130, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:11130, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-bcd07bc8e00bd126<\/td>dst_ip=209.177.158.246, dst_port=3,478, duration_sec=0.05, end_time=1,779,139,814.853, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,814.8, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-c4d9c40a7fec56be<\/td>dst_ip=135.234.174.40, dst_port=443, duration_sec=0.06, end_time=1,779,139,824.108, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=51,136, start_time=1,779,139,824.046, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-8fd6ad39adf47a18<\/td>dst_ip=192.168.1.185, dst_port=55,880, duration_sec=0.03, end_time=1,779,139,823.793, expected_protocol=unregistered:55880, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.36.216, src_port=443, start_time=1,779,139,823.759, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=321, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-9c845bfb2b534b59<\/td>dst_ip=150.171.28.10, dst_port=443, duration_sec=0.19, end_time=1,779,139,833.641, expected_protocol=https, packet_count=11, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=62,432, start_time=1,779,139,833.456, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=3,906, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-329be171c0b80b92<\/td>dst_ip=172.29.16.1, dst_port=41,641, duration_sec=10.55, end_time=1,779,139,824.498, expected_protocol=unregistered:41641, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,813.948, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-787a71cfd2c6f769<\/td>dst_ip=192.168.1.185, dst_port=61,509, duration_sec=0.04, end_time=1,779,139,823.853, expected_protocol=unregistered:61509, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=162.159.128.61, src_port=443, start_time=1,779,139,823.808, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=321, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-a019cb392bc23a7a<\/td>dst_ip=199.165.136.100, dst_port=443, duration_sec=0.17, end_time=1,779,139,831.279, expected_protocol=https, packet_count=4, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=57,514, start_time=1,779,139,831.111, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=642, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-81e5b5be161de125<\/td>dst_ip=151.101.114.172, dst_port=80, duration_sec=0.15, end_time=1,779,139,820.515, expected_protocol=http, packet_count=7, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=57,908, start_time=1,779,139,820.368, tcp_flags=S,P,A, time_bucket=1,779,139,800, total_bytes=893, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-f32643b41a201d5b<\/td>dst_ip=209.177.158.246, dst_port=3,478, duration_sec=0.05, end_time=1,779,139,827.583, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,827.529, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-c8f5f362e7c0c5c8<\/td>dst_ip=192.168.1.185, dst_port=51,049, duration_sec=0.04, end_time=1,779,139,828.252, expected_protocol=unregistered:51049, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=216.24.57.251, src_port=443, start_time=1,779,139,828.217, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=228, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-423d6f8fa2a9f7bc<\/td>dst_ip=192.168.1.185, dst_port=51,966, duration_sec=0.03, end_time=1,779,139,828.883, expected_protocol=unregistered:51966, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=23.213.232.172, src_port=443, start_time=1,779,139,828.857, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=306, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-b7d90a2138968fa3<\/td>dst_ip=192.168.1.185, dst_port=43,844, duration_sec=14.67, end_time=1,779,139,828.613, expected_protocol=unregistered:43844, packet_count=115, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=209.177.156.94, src_port=443, start_time=1,779,139,813.948, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=32,594, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-e66fd8e05921da5d<\/td>dst_ip=172.18.0.1, dst_port=44,244, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:44244, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-36cd4459caa078a9<\/td>dst_ip=135.234.174.40, dst_port=443, duration_sec=0.07, end_time=1,779,139,827.293, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=51,820, start_time=1,779,139,827.225, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-e881aa680da5dbf3<\/td>dst_ip=151.101.112.217, dst_port=443, duration_sec=0.04, end_time=1,779,139,829.598, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=50,174, start_time=1,779,139,829.56, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-7dbcb4428a9e5e71<\/td>dst_ip=209.177.156.94, dst_port=3,478, duration_sec=0.04, end_time=1,779,139,814.838, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,814.8, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-1f115942b61afe54<\/td>dst_ip=192.73.244.245, dst_port=3,478, duration_sec=0.07, end_time=1,779,139,827.597, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,827.529, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-1ea83345da6e2df0<\/td>dst_ip=224.0.0.22, duration_sec=0.13, end_time=1,779,139,833.109, expected_protocol=unregistered:0, packet_count=2, proto=OTHER, protocol_anomaly_score=0, protocol_violations=, protocols=OTHER, src_ip=192.168.1.165, start_time=1,779,139,832.977, tcp_flags=, time_bucket=1,779,139,830, total_bytes=120, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-0e59fb5fe4c720df<\/td>dst_ip=192.168.1.185, dst_port=43,844, duration_sec=0.69, end_time=1,779,139,832.637, expected_protocol=unregistered:43844, packet_count=15, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=209.177.156.94, src_port=443, start_time=1,779,139,831.947, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=2,508, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-65a9e51617aa2712<\/td>dst_ip=199.165.136.100, dst_port=443, duration_sec=4.53, end_time=1,779,139,821.588, expected_protocol=https, packet_count=6, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=45,590, start_time=1,779,139,817.062, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=1,951, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-e86e0a049372cc85<\/td>dst_ip=142.250.113.95, dst_port=443, duration_sec=0.33, end_time=1,779,139,821.155, expected_protocol=quic, packet_count=20, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=55,836, start_time=1,779,139,820.821, tcp_flags=, time_bucket=1,779,139,800, total_bytes=8,541, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-f8dc5b0051ee4914<\/td>dst_ip=192.168.1.1, duration_sec=12.77, end_time=1,779,139,827.691, expected_protocol=unregistered:0, packet_count=5, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=192.168.1.185, start_time=1,779,139,814.917, tcp_flags=, time_bucket=1,779,139,800, total_bytes=1,621, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-8c7ddbb6fe26a9a9<\/td>dst_ip=192.168.1.185, dst_port=60,920, duration_sec=10.01, end_time=1,779,139,829.032, expected_protocol=unregistered:60920, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=216.239.32.223, src_port=443, start_time=1,779,139,819.023, tcp_flags=, time_bucket=1,779,139,800, total_bytes=298, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-68666b77cce29d40<\/td>dst_ip=192.168.1.1, dst_port=53, duration_sec=4.54, end_time=1,779,139,820.366, expected_protocol=dns, packet_count=6, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=59,921, start_time=1,779,139,815.826, tcp_flags=, time_bucket=1,779,139,800, total_bytes=822, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-06fade4febc8462c<\/td>dst_ip=104.18.23.222, dst_port=443, duration_sec=0.42, end_time=1,779,139,827.943, expected_protocol=https, packet_count=21, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=51,621, start_time=1,779,139,827.526, tcp_flags=S,P,A, time_bucket=1,779,139,800, total_bytes=13,297, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-e6ad21d692182871<\/td>dst_ip=199.165.136.100, dst_port=443, duration_sec=15.84, end_time=1,779,139,829.575, expected_protocol=https, packet_count=25, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=57,514, start_time=1,779,139,813.737, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=5,086, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-08bfd8721a383a39<\/td>dst_ip=192.168.1.1, dst_port=53, duration_sec=0.18, end_time=1,779,139,833.635, expected_protocol=dns, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=55,743, start_time=1,779,139,833.456, tcp_flags=, time_bucket=1,779,139,830, total_bytes=410, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-e5c653feb7de823f<\/td>dst_ip=192.73.243.135, dst_port=3,478, duration_sec=0.06, end_time=1,779,139,814.863, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=44,244, start_time=1,779,139,814.8, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-441bb1af5ec88ffb<\/td>dst_ip=76.76.21.22, dst_port=443, duration_sec=0.03, end_time=1,779,139,829.733, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=58,156, start_time=1,779,139,829.699, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-8394aca80c2a0790<\/td>dst_ip=52.182.143.215, dst_port=443, duration_sec=2.1, end_time=1,779,139,828.097, expected_protocol=https, packet_count=90, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=61,094, start_time=1,779,139,825.992, tcp_flags=S,P,A, time_bucket=1,779,139,800, total_bytes=141,514, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-3cb87513d2c7904f<\/td>dst_ip=192.168.1.1, dst_port=5,351, duration_sec=0.02, end_time=1,779,139,827.562, expected_protocol=unregistered:5351, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=65,065, start_time=1,779,139,827.538, tcp_flags=, time_bucket=1,779,139,800, total_bytes=230, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-21bfec774060aafb<\/td>dst_ip=192.168.1.1, dst_port=46,407, duration_sec=0.07, end_time=1,779,139,815.138, expected_protocol=unregistered:46407, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=45,114, start_time=1,779,139,815.064, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=2,087, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-7bf53771cd98ec17<\/td>dst_ip=192.168.1.1, dst_port=5,351, duration_sec=0.13, end_time=1,779,139,814.917, expected_protocol=unregistered:5351, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=45,439, start_time=1,779,139,814.79, tcp_flags=, time_bucket=1,779,139,800, total_bytes=218, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-04dc5a38b6cabcef<\/td>dst_ip=192.168.1.185, dst_port=54,986, duration_sec=0, end_time=1,779,139,828.507, expected_protocol=unregistered:54986, packet_count=4, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=167.235.217.196, src_port=443, start_time=1,779,139,828.503, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=3,585, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-1065a64ded6cc44c<\/td>dst_ip=172.19.0.1, dst_port=44,244, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:44244, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-e0cdf80170e46e9e<\/td>dst_ip=142.250.115.95, dst_port=443, duration_sec=0.16, end_time=1,779,139,821.998, expected_protocol=quic, packet_count=21, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=59,475, start_time=1,779,139,821.843, tcp_flags=, time_bucket=1,779,139,800, total_bytes=8,434, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-055fd962754012c2<\/td>dst_ip=104.208.203.89, dst_port=443, duration_sec=0.34, end_time=1,779,139,828.283, expected_protocol=https, packet_count=4, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=64,727, start_time=1,779,139,827.941, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=441, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-86bc6b9e53c222b0<\/td>dst_ip=23.219.160.5, dst_port=443, duration_sec=1.45, end_time=1,779,139,815.348, expected_protocol=quic, packet_count=3, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=62,877, start_time=1,779,139,813.899, tcp_flags=, time_bucket=1,779,139,800, total_bytes=245, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-5673cdc8e15ecc28<\/td>dst_ip=192.168.1.185, dst_port=54,986, duration_sec=0, end_time=1,779,139,830.263, expected_protocol=unregistered:54986, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=167.235.217.196, src_port=443, start_time=1,779,139,830.263, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=4,440, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-99947e3aab494326<\/td>dst_ip=192.168.1.185, dst_port=51,645, duration_sec=0.05, end_time=1,779,139,832.907, expected_protocol=unregistered:51645, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.200.0.112, src_port=443, start_time=1,779,139,832.858, tcp_flags=P,A, time_bucket=1,779,139,830, total_bytes=193, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-de97a19f0937505c<\/td>dst_ip=192.168.1.185, dst_port=51,146, duration_sec=0.05, end_time=1,779,139,823.88, expected_protocol=unregistered:51146, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.1.62, src_port=443, start_time=1,779,139,823.833, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=321, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-cbcc97483386b4f3<\/td>dst_ip=104.18.32.47, dst_port=443, duration_sec=4.56, end_time=1,779,139,820.41, expected_protocol=https, packet_count=21, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=46,474, start_time=1,779,139,815.852, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=11,687, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-9b68d4601d0ccd30<\/td>dst_ip=192.168.1.1, dst_port=46,407, duration_sec=0, end_time=1,779,139,815.064, expected_protocol=unregistered:46407, packet_count=12, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=45,112, start_time=1,779,139,815.061, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=4,269, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-fa034e5132aecf5b<\/td>dst_ip=13.107.226.57, dst_port=443, duration_sec=0.05, end_time=1,779,139,825.808, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=65,238, start_time=1,779,139,825.755, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-dabcbf693ac9fbef<\/td>dst_ip=150.171.28.10, dst_port=443, duration_sec=0.05, end_time=1,779,139,816.663, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=62,432, start_time=1,779,139,816.617, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-58f9cafe500f64ad<\/td>dst_ip=192.168.1.1, dst_port=53, duration_sec=11.67, end_time=1,779,139,827.523, expected_protocol=dns, packet_count=14, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=55,743, start_time=1,779,139,815.85, tcp_flags=, time_bucket=1,779,139,800, total_bytes=1,712, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-d7f6ed06cf3ab18b<\/td>dst_ip=192.168.1.185, duration_sec=0.04, end_time=1,779,139,831.948, expected_protocol=unregistered:0, packet_count=6, proto=ICMP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=ICMP, src_ip=97.178.32.239, start_time=1,779,139,831.907, tcp_flags=, time_bucket=1,779,139,830, total_bytes=1,164, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-934baa2aae663ceb<\/td>dst_ip=151.101.113.140, dst_port=443, duration_sec=0.05, end_time=1,779,139,829.427, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=60,726, start_time=1,779,139,829.374, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-e25097cf84c7b988<\/td>dst_ip=97.178.32.239, dst_port=1,050, duration_sec=10.55, end_time=1,779,139,824.457, expected_protocol=unregistered:1050, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-9c85e6a530e7f20f<\/td>dst_ip=192.200.0.112, dst_port=443, duration_sec=0.17, end_time=1,779,139,815.353, expected_protocol=https, packet_count=5, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=44,420, start_time=1,779,139,815.185, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=1,924, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-1835bee014d5b0b3<\/td>dst_ip=172.17.0.1, dst_port=44,244, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:44244, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-4cf06bd9f9c07bb4<\/td>dst_ip=97.178.32.239, dst_port=31,036, duration_sec=10.55, end_time=1,779,139,824.458, expected_protocol=unregistered:31036, packet_count=3, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,813.904, tcp_flags=, time_bucket=1,779,139,800, total_bytes=498, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-22420a928847cfad<\/td>dst_ip=192.168.1.1, dst_port=5,351, duration_sec=0.13, end_time=1,779,139,814.936, expected_protocol=unregistered:5351, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=45,706, start_time=1,779,139,814.81, tcp_flags=, time_bucket=1,779,139,800, total_bytes=230, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-b7338ba843b2dafa<\/td>dst_ip=192.73.248.83, dst_port=443, duration_sec=14.66, end_time=1,779,139,828.562, expected_protocol=https, packet_count=96, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=49,982, start_time=1,779,139,813.904, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=30,133, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-65e185b6eab54d6a<\/td>dst_ip=192.168.1.1, dst_port=5,351, duration_sec=0.15, end_time=1,779,139,827.691, expected_protocol=unregistered:5351, packet_count=4, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=65,066, start_time=1,779,139,827.54, tcp_flags=, time_bucket=1,779,139,800, total_bytes=218, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-716de9787a03c45e<\/td>dst_ip=23.219.160.5, dst_port=443, duration_sec=8.35, end_time=1,779,139,823.758, expected_protocol=quic, packet_count=40, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=60,418, start_time=1,779,139,815.405, tcp_flags=, time_bucket=1,779,139,800, total_bytes=9,890, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-17e440ba96a7a7b5<\/td>dst_ip=142.250.115.95, dst_port=443, duration_sec=5.59, end_time=1,779,139,822.073, expected_protocol=quic, packet_count=11, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=57,835, start_time=1,779,139,816.478, tcp_flags=, time_bucket=1,779,139,800, total_bytes=1,532, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-05305b96b26cdffd<\/td>dst_ip=192.168.1.185, dst_port=52,640, duration_sec=0.07, end_time=1,779,139,827.193, expected_protocol=unregistered:52640, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.39.21, src_port=443, start_time=1,779,139,827.119, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=220, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-d146af26ba988e06<\/td>dst_ip=104.18.32.47, dst_port=443, duration_sec=4.3, end_time=1,779,139,829.989, expected_protocol=https, packet_count=18, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=192.168.1.185, src_port=44,698, start_time=1,779,139,825.688, tcp_flags=S,P,A,F, time_bucket=1,779,139,800, total_bytes=11,087, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-2681df7af5f78270<\/td>dst_ip=192.168.1.185, duration_sec=10.59, end_time=1,779,139,824.499, expected_protocol=unregistered:0, packet_count=18, proto=ICMP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=ICMP, src_ip=97.178.32.239, start_time=1,779,139,813.905, tcp_flags=, time_bucket=1,779,139,800, total_bytes=3,492, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-bc4350b5c6d66f3f<\/td>dst_ip=34.111.31.13, dst_port=443, duration_sec=0.03, end_time=1,779,139,830.188, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=61,825, start_time=1,779,139,830.154, tcp_flags=A, time_bucket=1,779,139,830, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-ce6603a48a5c4c37<\/td>dst_ip=23.219.160.5, dst_port=443, duration_sec=0.09, end_time=1,779,139,830.263, expected_protocol=quic, packet_count=2, proto=UDP, protocol_anomaly_score=0.4, protocol_violations=missing_tls,risk_port, protocols=UDP, src_ip=192.168.1.185, src_port=60,418, start_time=1,779,139,830.169, tcp_flags=, time_bucket=1,779,139,830, total_bytes=137, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-7b2b00e0ceb88c09<\/td>dst_ip=20.62.59.32, dst_port=443, duration_sec=13.14, end_time=1,779,139,827.119, expected_protocol=https, packet_count=6, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=64,848, start_time=1,779,139,813.976, tcp_flags=P,A, time_bucket=1,779,139,800, total_bytes=422, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-ea1d23994577309a<\/td>dst_ip=192.168.1.185, dst_port=52,133, duration_sec=8.09, end_time=1,779,139,825.978, expected_protocol=unregistered:52133, packet_count=14, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=104.18.22.222, src_port=443, start_time=1,779,139,817.888, tcp_flags=P,F,A, time_bucket=1,779,139,800, total_bytes=1,002, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-10cf97843d85c279<\/td>dst_ip=209.177.156.94, dst_port=3,478, duration_sec=0.03, end_time=1,779,139,827.562, expected_protocol=unregistered:3478, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=192.168.1.185, src_port=41,641, start_time=1,779,139,827.529, tcp_flags=, time_bucket=1,779,139,800, total_bytes=156, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-348feef1c6ca6285<\/td>dst_ip=151.101.113.140, dst_port=443, duration_sec=0.06, end_time=1,779,139,829.463, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=52,662, start_time=1,779,139,829.405, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
session<\/td>SESSION-502ccca87ddbbb24<\/td>dst_ip=35.190.80.1, dst_port=443, duration_sec=0.03, end_time=1,779,139,826.633, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=192.168.1.185, src_port=49,433, start_time=1,779,139,826.6, tcp_flags=A, time_bucket=1,779,139,800, total_bytes=121, window_sec=30<\/td><\/td><\/tr>
tls_sni<\/td>tls_sni:copilot.microsoft.com<\/td>sni=copilot.microsoft.com<\/td><\/td><\/tr>
tls_sni<\/td>tls_sni:browser.events.data.microsoft.com<\/td>sni=browser.events.data.microsoft.com<\/td><\/td><\/tr>
tls_sni<\/td>tls_sni:chatgpt.com<\/td>sni=chatgpt.com<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
<\/code><\/pre>\n\n\n\n
Kind<\/th>ID<\/th>Nodes<\/th><\/tr><\/thead>
flow_observed5-aryOBS<\/td>e:fo:flow:4ac806f4d834<\/td>flow:4ac806f4d834 \u2192 host:192.168.1.185 \u2192 host:20.62.59.32 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-de97a19f0937505c:host:192.168.1.185<\/td>SESSION-de97a19f0937505c \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-de97a19f0937505c:host:192.168.1.185<\/td>SESSION-de97a19f0937505c \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:26faad66f81e:port:udp:44244<\/td>flow:26faad66f81e \u2192 port:udp:44244<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-c4d9c40a7fec56be:host:192.168.1.185<\/td>SESSION-c4d9c40a7fec56be \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:bf8f4a131249:port:udp:44244<\/td>flow:bf8f4a131249 \u2192 port:udp:44244<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-a019cb392bc23a7a:flow:65175f124256<\/td>SESSION-a019cb392bc23a7a \u2192 flow:65175f124256<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-055fd962754012c2:host:192.168.1.185<\/td>SESSION-055fd962754012c2 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e66fd8e05921da5d:host:192.168.1.185<\/td>SESSION-e66fd8e05921da5d \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-934baa2aae663ceb:host:151.101.113.140<\/td>SESSION-934baa2aae663ceb \u2192 host:151.101.113.140<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e86e0a049372cc85:host:192.168.1.185<\/td>SESSION-e86e0a049372cc85 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:7986b2093729:port:tcp:443<\/td>flow:7986b2093729 \u2192 port:tcp:443<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:c0b4f157e073<\/td>flow:c0b4f157e073 \u2192 host:192.168.1.185 \u2192 host:34.111.31.13 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e86e0a049372cc85:host:192.168.1.185:host:142.250.113.95<\/td>SESSION-e86e0a049372cc85 \u2192 host:192.168.1.185 \u2192 host:142.250.113.95<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-f8dc5b0051ee4914:host:192.168.1.1<\/td>SESSION-f8dc5b0051ee4914 \u2192 host:192.168.1.1<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:192.73.244.245:asn:36236<\/td>host:192.73.244.245 \u2192 asn:36236<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-d146af26ba988e06:host:192.168.1.185<\/td>SESSION-d146af26ba988e06 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TLS_SNIOBS<\/td>e:fs:flow:189be888c3af:tls_sni:copilot.microsoft.com<\/td>flow:189be888c3af \u2192 tls_sni:copilot.microsoft.com<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:5b983251f483<\/td>flow:5b983251f483 \u2192 host:104.18.22.222 \u2192 host:192.168.1.185 \u2192 port:tcp:52133<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-9b68d4601d0ccd30:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-9b68d4601d0ccd30 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e565a4fbf5cff09b:host:192.168.1.185<\/td>SESSION-e565a4fbf5cff09b \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e66fd8e05921da5d:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e66fd8e05921da5d \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-b7338ba843b2dafa:flow:a3f08c1df1f5<\/td>SESSION-b7338ba843b2dafa \u2192 flow:a3f08c1df1f5<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-c4d9c40a7fec56be:host:135.234.174.40<\/td>SESSION-c4d9c40a7fec56be \u2192 host:135.234.174.40<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-9c85e6a530e7f20f:flow:9d482c927ad5<\/td>SESSION-9c85e6a530e7f20f \u2192 flow:9d482c927ad5<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-2681df7af5f78270:host:97.178.32.239<\/td>SESSION-2681df7af5f78270 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-055fd962754012c2:host:192.168.1.185:host:104.208.203.89<\/td>SESSION-055fd962754012c2 \u2192 host:192.168.1.185 \u2192 host:104.208.203.89<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-934baa2aae663ceb:flow:eb3b47352f67<\/td>SESSION-934baa2aae663ceb \u2192 flow:eb3b47352f67<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-200a1edeb5081c1b:host:192.168.1.185<\/td>SESSION-200a1edeb5081c1b \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-423d6f8fa2a9f7bc:flow:df1c396b8733<\/td>SESSION-423d6f8fa2a9f7bc \u2192 flow:df1c396b8733<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-99947e3aab494326:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-99947e3aab494326 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-86bc6b9e53c222b0:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-86bc6b9e53c222b0 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:189be888c3af<\/td>flow:189be888c3af \u2192 host:192.168.1.185 \u2192 host:104.18.23.222 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e881aa680da5dbf3:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e881aa680da5dbf3 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:6167:org:Verizon Business<\/td>asn:6167 \u2192 org:Verizon Business<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-9c85e6a530e7f20f:host:192.200.0.112<\/td>SESSION-9c85e6a530e7f20f \u2192 host:192.200.0.112<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-36cd4459caa078a9:host:135.234.174.40<\/td>SESSION-36cd4459caa078a9 \u2192 host:135.234.174.40<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-1065a64ded6cc44c:host:172.19.0.1<\/td>SESSION-1065a64ded6cc44c \u2192 host:172.19.0.1<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:a25fcb74f721<\/td>flow:a25fcb74f721 \u2192 host:216.24.57.7 \u2192 host:192.168.1.185 \u2192 port:tcp:58631<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-ce6603a48a5c4c37:host:192.168.1.185:host:23.219.160.5<\/td>SESSION-ce6603a48a5c4c37 \u2192 host:192.168.1.185 \u2192 host:23.219.160.5<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-83d0b20751c23f69:host:192.168.1.1<\/td>SESSION-83d0b20751c23f69 \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-716de9787a03c45e:host:23.219.160.5<\/td>SESSION-716de9787a03c45e \u2192 host:23.219.160.5<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-2014bf32e6dab59e:host:192.168.1.185:host:151.101.113.140<\/td>SESSION-2014bf32e6dab59e \u2192 host:192.168.1.185 \u2192 host:151.101.113.140<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-17e440ba96a7a7b5:host:192.168.1.185<\/td>SESSION-17e440ba96a7a7b5 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-716de9787a03c45e:host:192.168.1.185<\/td>SESSION-716de9787a03c45e \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:6fe67514daf4:port:tcp:443<\/td>flow:6fe67514daf4 \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e881aa680da5dbf3:host:192.168.1.185<\/td>SESSION-e881aa680da5dbf3 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e86e0a049372cc85:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e86e0a049372cc85 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:d83699920b5b<\/td>flow:d83699920b5b \u2192 host:192.168.1.185 \u2192 host:151.101.113.140 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-fa034e5132aecf5b:host:192.168.1.185<\/td>SESSION-fa034e5132aecf5b \u2192 host:192.168.1.185<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:52.110.6.13:asn:8075<\/td>host:52.110.6.13 \u2192 asn:8075<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:150.171.28.10:asn:8075<\/td>host:150.171.28.10 \u2192 asn:8075<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e25097cf84c7b988:host:192.168.1.185<\/td>SESSION-e25097cf84c7b988 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-22420a928847cfad:host:192.168.1.185<\/td>SESSION-22420a928847cfad \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-83d0b20751c23f69:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-83d0b20751c23f69 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-441bb1af5ec88ffb:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-441bb1af5ec88ffb \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:21a678dc75de:port:tcp:443<\/td>flow:21a678dc75de \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-787a71cfd2c6f769:flow:c65476284ea0<\/td>SESSION-787a71cfd2c6f769 \u2192 flow:c65476284ea0<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-9dab8edd40d14d9d:SESSION-9dab8edd40d14d9d<\/td>SESSION-9dab8edd40d14d9d \u2192 pe:tls:SESSION-9dab8edd40d14d9d<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:192.73.243.135:geo_25.77010_-80.19280<\/td>host:192.73.243.135 \u2192 geo_25.77010_-80.19280<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:c65476284ea0:port:tcp:61509<\/td>flow:c65476284ea0 \u2192 port:tcp:61509<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-10cf97843d85c279:host:209.177.156.94<\/td>SESSION-10cf97843d85c279 \u2192 host:209.177.156.94<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-81e5b5be161de125:host:192.168.1.185<\/td>SESSION-81e5b5be161de125 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e881aa680da5dbf3:flow:f3b81336df74<\/td>SESSION-e881aa680da5dbf3 \u2192 flow:f3b81336df74<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-58f9cafe500f64ad:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-58f9cafe500f64ad \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-423d6f8fa2a9f7bc:host:23.213.232.172<\/td>SESSION-423d6f8fa2a9f7bc \u2192 host:23.213.232.172<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-502ccca87ddbbb24:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-502ccca87ddbbb24 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-7bf53771cd98ec17:host:192.168.1.1<\/td>SESSION-7bf53771cd98ec17 \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-d146af26ba988e06:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-d146af26ba988e06 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e565a4fbf5cff09b:flow:6fe67514daf4<\/td>SESSION-e565a4fbf5cff09b \u2192 flow:6fe67514daf4<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-7bf53771cd98ec17:host:192.168.1.185<\/td>SESSION-7bf53771cd98ec17 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:199.165.136.100:asn:14618<\/td>host:199.165.136.100 \u2192 asn:14618<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-dabcbf693ac9fbef:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-dabcbf693ac9fbef \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:4ac806f4d834:port:tcp:443<\/td>flow:4ac806f4d834 \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-2681df7af5f78270:host:192.168.1.185<\/td>SESSION-2681df7af5f78270 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:c0b4f157e073:port:tcp:443<\/td>flow:c0b4f157e073 \u2192 port:tcp:443<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:df1c396b8733<\/td>flow:df1c396b8733 \u2192 host:23.213.232.172 \u2192 host:192.168.1.185 \u2192 port:tcp:51966<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-200a1edeb5081c1b:host:52.110.6.13:host:192.168.1.185<\/td>SESSION-200a1edeb5081c1b \u2192 host:52.110.6.13 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:ab2fda60ec38:port:tcp:443<\/td>flow:ab2fda60ec38 \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-200a1edeb5081c1b:host:52.110.6.13<\/td>SESSION-200a1edeb5081c1b \u2192 host:52.110.6.13<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-b7338ba843b2dafa:host:192.168.1.185:host:192.73.248.83<\/td>SESSION-b7338ba843b2dafa \u2192 host:192.168.1.185 \u2192 host:192.73.248.83<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-c8f5f362e7c0c5c8:host:216.24.57.251<\/td>SESSION-c8f5f362e7c0c5c8 \u2192 host:216.24.57.251<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-200a1edeb5081c1b:SESSION-200a1edeb5081c1b<\/td>SESSION-200a1edeb5081c1b \u2192 pe:tls:SESSION-200a1edeb5081c1b<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:24940:org:Hetzner Online GmbH<\/td>asn:24940 \u2192 org:Hetzner Online GmbH<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:e34282443dab:port:udp:443<\/td>flow:e34282443dab \u2192 port:udp:443<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:60dd2a974649<\/td>flow:60dd2a974649 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:udp:5351<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:dns:SESSION-08bfd8721a383a39:SESSION-08bfd8721a383a39<\/td>SESSION-08bfd8721a383a39 \u2192 pe:dns:SESSION-08bfd8721a383a39<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-9dab8edd40d14d9d:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-9dab8edd40d14d9d \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:c44b4fd56f98:port:udp:60920<\/td>flow:c44b4fd56f98 \u2192 port:udp:60920<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-9b68d4601d0ccd30:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-9b68d4601d0ccd30 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-b7338ba843b2dafa:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-b7338ba843b2dafa \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e0cdf80170e46e9e:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e0cdf80170e46e9e \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e6729d0ebc579395:host:97.178.32.239<\/td>SESSION-e6729d0ebc579395 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-f8dc5b0051ee4914:flow:bf7a9427297d<\/td>SESSION-f8dc5b0051ee4914 \u2192 flow:bf7a9427297d<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-741380b5a9a3a6c7:host:192.168.1.185<\/td>SESSION-741380b5a9a3a6c7 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-1065a64ded6cc44c:host:192.168.1.185:host:172.19.0.1<\/td>SESSION-1065a64ded6cc44c \u2192 host:192.168.1.185 \u2192 host:172.19.0.1<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-423d6f8fa2a9f7bc:host:23.213.232.172:host:192.168.1.185<\/td>SESSION-423d6f8fa2a9f7bc \u2192 host:23.213.232.172 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-348feef1c6ca6285:SESSION-348feef1c6ca6285<\/td>SESSION-348feef1c6ca6285 \u2192 pe:tls:SESSION-348feef1c6ca6285<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-22420a928847cfad:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-22420a928847cfad \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-fa034e5132aecf5b:flow:abe950115ba3<\/td>SESSION-fa034e5132aecf5b \u2192 flow:abe950115ba3<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-83d0b20751c23f69:flow:4eed5ff51111<\/td>SESSION-83d0b20751c23f69 \u2192 flow:4eed5ff51111<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:4f5810e72704:port:udp:3478<\/td>flow:4f5810e72704 \u2192 port:udp:3478<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-9b68d4601d0ccd30:host:192.168.1.185<\/td>SESSION-9b68d4601d0ccd30 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-2014bf32e6dab59e:host:192.168.1.185<\/td>SESSION-2014bf32e6dab59e \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-dabcbf693ac9fbef:host:192.168.1.185<\/td>SESSION-dabcbf693ac9fbef \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-68666b77cce29d40:host:192.168.1.185<\/td>SESSION-68666b77cce29d40 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:62d01d1bf747:port:udp:3478<\/td>flow:62d01d1bf747 \u2192 port:udp:3478<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-1ea83345da6e2df0:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-1ea83345da6e2df0 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:216.24.57.251:geo_37.75100_-97.82200<\/td>host:216.24.57.251 \u2192 geo_37.75100_-97.82200<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-65a9e51617aa2712:host:192.168.1.185<\/td>SESSION-65a9e51617aa2712 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-05305b96b26cdffd:flow:0380e0cd29dc<\/td>SESSION-05305b96b26cdffd \u2192 flow:0380e0cd29dc<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e5c653feb7de823f:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e5c653feb7de823f \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:660ca437efa1:port:udp:53<\/td>flow:660ca437efa1 \u2192 port:udp:53<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td>e:bsg:SESSION-21bfec774060aafb:BSG-BEACON-4bc57cbec7cd<\/td>SESSION-21bfec774060aafb \u2192 BSG-BEACON-4bc57cbec7cd<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-10cf97843d85c279:host:192.168.1.185<\/td>SESSION-10cf97843d85c279 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-441bb1af5ec88ffb:host:192.168.1.185:host:76.76.21.22<\/td>SESSION-441bb1af5ec88ffb \u2192 host:192.168.1.185 \u2192 host:76.76.21.22<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-58f9cafe500f64ad:flow:660ca437efa1<\/td>SESSION-58f9cafe500f64ad \u2192 flow:660ca437efa1<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:cb933110cf94:port:tcp:443<\/td>flow:cb933110cf94 \u2192 port:tcp:443<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-200a1edeb5081c1b:host:52.110.6.13<\/td>SESSION-200a1edeb5081c1b \u2192 host:52.110.6.13<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:7fc08133133d<\/td>flow:7fc08133133d \u2192 host:192.168.1.185 \u2192 host:172.19.0.1 \u2192 port:udp:44244<\/td><\/tr>
PORT_IMPLIED_SERVICEIMP 70%<\/td>e:ps:port:tcp:443:svc:https<\/td>port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-f8dc5b0051ee4914:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-f8dc5b0051ee4914 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-329be171c0b80b92:host:192.168.1.185<\/td>SESSION-329be171c0b80b92 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-4cf06bd9f9c07bb4:flow:478de54cd94a<\/td>SESSION-4cf06bd9f9c07bb4 \u2192 flow:478de54cd94a<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-e6ad21d692182871:SESSION-e6ad21d692182871<\/td>SESSION-e6ad21d692182871 \u2192 pe:tls:SESSION-e6ad21d692182871<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-3cb87513d2c7904f:host:192.168.1.185<\/td>SESSION-3cb87513d2c7904f \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-787a71cfd2c6f769:host:192.168.1.185<\/td>SESSION-787a71cfd2c6f769 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e565a4fbf5cff09b:host:192.168.1.185:host:192.73.248.83<\/td>SESSION-e565a4fbf5cff09b \u2192 host:192.168.1.185 \u2192 host:192.73.248.83<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e66fd8e05921da5d:host:172.18.0.1<\/td>SESSION-e66fd8e05921da5d \u2192 host:172.18.0.1<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:7986b2093729<\/td>flow:7986b2093729 \u2192 host:192.168.1.185 \u2192 host:104.18.32.47 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:60dd2a974649:port:udp:5351<\/td>flow:60dd2a974649 \u2192 port:udp:5351<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-06fade4febc8462c:SESSION-06fade4febc8462c<\/td>SESSION-06fade4febc8462c \u2192 pe:tls:SESSION-06fade4febc8462c<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-b7d90a2138968fa3:SESSION-b7d90a2138968fa3<\/td>SESSION-b7d90a2138968fa3 \u2192 pe:tls:SESSION-b7d90a2138968fa3<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-4cf06bd9f9c07bb4:host:192.168.1.185:host:97.178.32.239<\/td>SESSION-4cf06bd9f9c07bb4 \u2192 host:192.168.1.185 \u2192 host:97.178.32.239<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-99947e3aab494326:host:192.200.0.112<\/td>SESSION-99947e3aab494326 \u2192 host:192.200.0.112<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-cbcc97483386b4f3:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-cbcc97483386b4f3 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-934baa2aae663ceb:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-934baa2aae663ceb \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-5419af02605f5da4:host:97.178.32.239<\/td>SESSION-5419af02605f5da4 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-502ccca87ddbbb24:host:192.168.1.185<\/td>SESSION-502ccca87ddbbb24 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-502ccca87ddbbb24:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-502ccca87ddbbb24 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-d7f6ed06cf3ab18b:host:97.178.32.239:host:192.168.1.185<\/td>SESSION-d7f6ed06cf3ab18b \u2192 host:97.178.32.239 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-9dab8edd40d14d9d:host:192.168.1.185<\/td>SESSION-9dab8edd40d14d9d \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:9aa8161296f7<\/td>flow:9aa8161296f7 \u2192 host:192.168.1.185 \u2192 host:199.165.136.100 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-0e59fb5fe4c720df:host:192.168.1.185<\/td>SESSION-0e59fb5fe4c720df \u2192 host:192.168.1.185<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:23.213.232.172:geo_32.77970_-96.80220<\/td>host:23.213.232.172 \u2192 geo_32.77970_-96.80220<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-bcd07bc8e00bd126:host:209.177.158.246<\/td>SESSION-bcd07bc8e00bd126 \u2192 host:209.177.158.246<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:478de54cd94a<\/td>flow:478de54cd94a \u2192 host:192.168.1.185 \u2192 host:97.178.32.239 \u2192 port:udp:31036<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-9dab8edd40d14d9d:host:104.18.39.21:host:192.168.1.185<\/td>SESSION-9dab8edd40d14d9d \u2192 host:104.18.39.21 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:23.219.160.5:geo_29.75390_-95.35900<\/td>host:23.219.160.5 \u2192 geo_29.75390_-95.35900<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-c8f5f362e7c0c5c8:host:192.168.1.185<\/td>SESSION-c8f5f362e7c0c5c8 \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:eb3b47352f67<\/td>flow:eb3b47352f67 \u2192 host:192.168.1.185 \u2192 host:151.101.113.140 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-502ccca87ddbbb24:flow:1cae684ccaf1<\/td>SESSION-502ccca87ddbbb24 \u2192 flow:1cae684ccaf1<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-e53f703ab7b48a77:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-e53f703ab7b48a77 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-fa034e5132aecf5b:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-fa034e5132aecf5b \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-bcd07bc8e00bd126:host:209.177.158.246<\/td>SESSION-bcd07bc8e00bd126 \u2192 host:209.177.158.246<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-787a71cfd2c6f769:host:162.159.128.61<\/td>SESSION-787a71cfd2c6f769 \u2192 host:162.159.128.61<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e565a4fbf5cff09b:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e565a4fbf5cff09b \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-1065a64ded6cc44c:host:192.168.1.185<\/td>SESSION-1065a64ded6cc44c \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-21bfec774060aafb:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-21bfec774060aafb \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-b7338ba843b2dafa:host:192.73.248.83<\/td>SESSION-b7338ba843b2dafa \u2192 host:192.73.248.83<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e6ad21d692182871:host:192.168.1.185:host:199.165.136.100<\/td>SESSION-e6ad21d692182871 \u2192 host:192.168.1.185 \u2192 host:199.165.136.100<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:192.200.0.112:asn:16509<\/td>host:192.200.0.112 \u2192 asn:16509<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-502ccca87ddbbb24:host:35.190.80.1<\/td>SESSION-502ccca87ddbbb24 \u2192 host:35.190.80.1<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e881aa680da5dbf3:host:192.168.1.185<\/td>SESSION-e881aa680da5dbf3 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-cbcc97483386b4f3:host:192.168.1.185<\/td>SESSION-cbcc97483386b4f3 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-184b3698d564c9c7:host:192.168.1.185<\/td>SESSION-184b3698d564c9c7 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-bc4350b5c6d66f3f:host:192.168.1.185<\/td>SESSION-bc4350b5c6d66f3f \u2192 host:192.168.1.185<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:216.239.32.223:geo_37.75100_-97.82200<\/td>host:216.239.32.223 \u2192 geo_37.75100_-97.82200<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-a019cb392bc23a7a:host:192.168.1.185<\/td>SESSION-a019cb392bc23a7a \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-787a71cfd2c6f769:host:162.159.128.61<\/td>SESSION-787a71cfd2c6f769 \u2192 host:162.159.128.61<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-86bc6b9e53c222b0:host:23.219.160.5<\/td>SESSION-86bc6b9e53c222b0 \u2192 host:23.219.160.5<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-a019cb392bc23a7a:SESSION-a019cb392bc23a7a<\/td>SESSION-a019cb392bc23a7a \u2192 pe:tls:SESSION-a019cb392bc23a7a<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-b7d90a2138968fa3:flow:495f7c8d94fd<\/td>SESSION-b7d90a2138968fa3 \u2192 flow:495f7c8d94fd<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e565a4fbf5cff09b:host:192.73.248.83<\/td>SESSION-e565a4fbf5cff09b \u2192 host:192.73.248.83<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e881aa680da5dbf3:host:151.101.112.217<\/td>SESSION-e881aa680da5dbf3 \u2192 host:151.101.112.217<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:eb3b47352f67:port:tcp:443<\/td>flow:eb3b47352f67 \u2192 port:tcp:443<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-7b2b00e0ceb88c09:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-7b2b00e0ceb88c09 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e6ad21d692182871:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e6ad21d692182871 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-10cf97843d85c279:flow:fdf049da8b14<\/td>SESSION-10cf97843d85c279 \u2192 flow:fdf049da8b14<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:a25fcb74f721:port:tcp:58631<\/td>flow:a25fcb74f721 \u2192 port:tcp:58631<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:df1c396b8733:port:tcp:51966<\/td>flow:df1c396b8733 \u2192 port:tcp:51966<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-7b2b00e0ceb88c09:host:20.62.59.32<\/td>SESSION-7b2b00e0ceb88c09 \u2192 host:20.62.59.32<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-dabcbf693ac9fbef:host:192.168.1.185<\/td>SESSION-dabcbf693ac9fbef \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-1f115942b61afe54:flow:4f5810e72704<\/td>SESSION-1f115942b61afe54 \u2192 flow:4f5810e72704<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-8c7ddbb6fe26a9a9:flow:c44b4fd56f98<\/td>SESSION-8c7ddbb6fe26a9a9 \u2192 flow:c44b4fd56f98<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-9c85e6a530e7f20f:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-9c85e6a530e7f20f \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-8fd6ad39adf47a18:host:192.168.1.185<\/td>SESSION-8fd6ad39adf47a18 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:5a246bdf60e4:port:tcp:443<\/td>flow:5a246bdf60e4 \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-0e59fb5fe4c720df:host:209.177.156.94<\/td>SESSION-0e59fb5fe4c720df \u2192 host:209.177.156.94<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:65c7de267840<\/td>flow:65c7de267840 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:udp:5351<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:216.24.57.7:asn:397273<\/td>host:216.24.57.7 \u2192 asn:397273<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:660ca437efa1:dns:signaler-pa.clients6.google.com<\/td>flow:660ca437efa1 \u2192 dns:signaler-pa.clients6.google.com<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e6729d0ebc579395:host:192.168.1.185<\/td>SESSION-e6729d0ebc579395 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:209.177.158.246:asn:36236<\/td>host:209.177.158.246 \u2192 asn:36236<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-3cb87513d2c7904f:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-3cb87513d2c7904f \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:9d482c927ad5<\/td>flow:9d482c927ad5 \u2192 host:192.168.1.185 \u2192 host:192.200.0.112 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-c4d9c40a7fec56be:host:192.168.1.185<\/td>SESSION-c4d9c40a7fec56be \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-1f115942b61afe54:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-1f115942b61afe54 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:209.177.156.94:geo_32.77970_-96.80220<\/td>host:209.177.156.94 \u2192 geo_32.77970_-96.80220<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-2681df7af5f78270:flow:7395be855a32<\/td>SESSION-2681df7af5f78270 \u2192 flow:7395be855a32<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-a019cb392bc23a7a:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-a019cb392bc23a7a \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:f79c1639a1f7:port:udp:11130<\/td>flow:f79c1639a1f7 \u2192 port:udp:11130<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e25097cf84c7b988:host:192.168.1.185:host:97.178.32.239<\/td>SESSION-e25097cf84c7b988 \u2192 host:192.168.1.185 \u2192 host:97.178.32.239<\/td><\/tr>
FLOW_TLS_SNIOBS<\/td>e:fs:flow:7986b2093729:tls_sni:chatgpt.com<\/td>flow:7986b2093729 \u2192 tls_sni:chatgpt.com<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:46c89f86a16a<\/td>flow:46c89f86a16a \u2192 host:192.168.1.185 \u2192 host:23.219.160.5 \u2192 port:udp:443 \u2192 svc:https<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-4cf06bd9f9c07bb4:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-4cf06bd9f9c07bb4 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-de97a19f0937505c:host:104.18.1.62<\/td>SESSION-de97a19f0937505c \u2192 host:104.18.1.62<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-81e5b5be161de125:host:192.168.1.185:host:151.101.114.172<\/td>SESSION-81e5b5be161de125 \u2192 host:192.168.1.185 \u2192 host:151.101.114.172<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:1fbee9feb06d<\/td>flow:1fbee9feb06d \u2192 host:104.18.1.62 \u2192 host:192.168.1.185 \u2192 port:tcp:51146<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-9c845bfb2b534b59:flow:c378386f9a22<\/td>SESSION-9c845bfb2b534b59 \u2192 flow:c378386f9a22<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-0e59fb5fe4c720df:host:192.168.1.185<\/td>SESSION-0e59fb5fe4c720df \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed3-aryOBS<\/td>e:fo:flow:d658b18ff560<\/td>flow:d658b18ff560 \u2192 host:192.168.1.165 \u2192 host:224.0.0.22<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-934baa2aae663ceb:host:192.168.1.185:host:151.101.113.140<\/td>SESSION-934baa2aae663ceb \u2192 host:192.168.1.185 \u2192 host:151.101.113.140<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-5673cdc8e15ecc28:flow:9cc54a60d88a<\/td>SESSION-5673cdc8e15ecc28 \u2192 flow:9cc54a60d88a<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-5419af02605f5da4:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-5419af02605f5da4 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-8c7ddbb6fe26a9a9:host:192.168.1.185<\/td>SESSION-8c7ddbb6fe26a9a9 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-8394aca80c2a0790:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-8394aca80c2a0790 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-055fd962754012c2:flow:779733f74ceb<\/td>SESSION-055fd962754012c2 \u2192 flow:779733f74ceb<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-7bf53771cd98ec17:host:192.168.1.1<\/td>SESSION-7bf53771cd98ec17 \u2192 host:192.168.1.1<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:209.177.156.94:asn:36236<\/td>host:209.177.156.94 \u2192 asn:36236<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-184b3698d564c9c7:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-184b3698d564c9c7 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:76.76.21.22:geo_34.02330_-117.85120<\/td>host:76.76.21.22 \u2192 geo_34.02330_-117.85120<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e5c653feb7de823f:host:192.73.243.135<\/td>SESSION-e5c653feb7de823f \u2192 host:192.73.243.135<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e25097cf84c7b988:host:97.178.32.239<\/td>SESSION-e25097cf84c7b988 \u2192 host:97.178.32.239<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-08bfd8721a383a39:host:192.168.1.185<\/td>SESSION-08bfd8721a383a39 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-83d0b20751c23f69:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-83d0b20751c23f69 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-329be171c0b80b92:flow:a912cd07306b<\/td>SESSION-329be171c0b80b92 \u2192 flow:a912cd07306b<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-8394aca80c2a0790:SESSION-8394aca80c2a0790<\/td>SESSION-8394aca80c2a0790 \u2192 pe:tls:SESSION-8394aca80c2a0790<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-2014bf32e6dab59e:flow:d83699920b5b<\/td>SESSION-2014bf32e6dab59e \u2192 flow:d83699920b5b<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:dd3dd13e1b60<\/td>flow:dd3dd13e1b60 \u2192 host:192.168.1.185 \u2192 host:209.177.158.246 \u2192 port:udp:3478<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e6729d0ebc579395:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e6729d0ebc579395 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:13.107.226.57:asn:8075<\/td>host:13.107.226.57 \u2192 asn:8075<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:36236:org:NetActuate, Inc<\/td>asn:36236 \u2192 org:NetActuate, Inc<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-8fd6ad39adf47a18:SESSION-8fd6ad39adf47a18<\/td>SESSION-8fd6ad39adf47a18 \u2192 pe:tls:SESSION-8fd6ad39adf47a18<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-5673cdc8e15ecc28:host:192.168.1.185<\/td>SESSION-5673cdc8e15ecc28 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-8fd6ad39adf47a18:host:104.18.36.216:host:192.168.1.185<\/td>SESSION-8fd6ad39adf47a18 \u2192 host:104.18.36.216 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-8394aca80c2a0790:flow:7be9da9aa76d<\/td>SESSION-8394aca80c2a0790 \u2192 flow:7be9da9aa76d<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:192.73.248.83:asn:36236<\/td>host:192.73.248.83 \u2192 asn:36236<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-86bc6b9e53c222b0:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-86bc6b9e53c222b0 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 95%<\/td>e:bsg:SESSION-d146af26ba988e06:BSG-DATA_EXFIL-78b438a917b5<\/td>SESSION-d146af26ba988e06 \u2192 BSG-DATA_EXFIL-78b438a917b5<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-3cb87513d2c7904f:flow:60dd2a974649<\/td>SESSION-3cb87513d2c7904f \u2192 flow:60dd2a974649<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:dc8e0c394478:dns:bat.bing.com<\/td>flow:dc8e0c394478 \u2192 dns:bat.bing.com<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:syn:SESSION-8394aca80c2a0790:SESSION-8394aca80c2a0790<\/td>SESSION-8394aca80c2a0790 \u2192 pe:syn:SESSION-8394aca80c2a0790<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:syn:SESSION-21bfec774060aafb:SESSION-21bfec774060aafb<\/td>SESSION-21bfec774060aafb \u2192 pe:syn:SESSION-21bfec774060aafb<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:f79c1639a1f7<\/td>flow:f79c1639a1f7 \u2192 host:192.168.1.185 \u2192 host:97.178.32.239 \u2192 port:udp:11130<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-65a9e51617aa2712:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-65a9e51617aa2712 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td>e:bsg:SESSION-2014bf32e6dab59e:BSG-BEACON-3fa1dca5627c<\/td>SESSION-2014bf32e6dab59e \u2192 BSG-BEACON-3fa1dca5627c<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-9b68d4601d0ccd30:host:192.168.1.1<\/td>SESSION-9b68d4601d0ccd30 \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-604f49b2ccac8492:flow:03d3562fa35f<\/td>SESSION-604f49b2ccac8492 \u2192 flow:03d3562fa35f<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:142.250.113.95:geo_37.75100_-97.82200<\/td>host:142.250.113.95 \u2192 geo_37.75100_-97.82200<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-e565a4fbf5cff09b:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-e565a4fbf5cff09b \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e0cdf80170e46e9e:host:192.168.1.185<\/td>SESSION-e0cdf80170e46e9e \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-ea1d23994577309a:flow:5b983251f483<\/td>SESSION-ea1d23994577309a \u2192 flow:5b983251f483<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:c378386f9a22<\/td>flow:c378386f9a22 \u2192 host:192.168.1.185 \u2192 host:150.171.28.10 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:e34282443dab<\/td>flow:e34282443dab \u2192 host:192.168.1.185 \u2192 host:142.250.115.95 \u2192 port:udp:443 \u2192 svc:https<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-08bfd8721a383a39:host:192.168.1.1<\/td>SESSION-08bfd8721a383a39 \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-423d6f8fa2a9f7bc:host:192.168.1.185<\/td>SESSION-423d6f8fa2a9f7bc \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:ef26bc2c964d<\/td>flow:ef26bc2c964d \u2192 host:172.64.151.22 \u2192 host:192.168.1.185 \u2192 port:tcp:62104<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-441bb1af5ec88ffb:host:76.76.21.22<\/td>SESSION-441bb1af5ec88ffb \u2192 host:76.76.21.22<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:9cc54a60d88a:port:tcp:54986<\/td>flow:9cc54a60d88a \u2192 port:tcp:54986<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:5a246bdf60e4<\/td>flow:5a246bdf60e4 \u2192 host:192.168.1.185 \u2192 host:135.234.174.40 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-86bc6b9e53c222b0:flow:46c89f86a16a<\/td>SESSION-86bc6b9e53c222b0 \u2192 flow:46c89f86a16a<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-b7d90a2138968fa3:host:209.177.156.94:host:192.168.1.185<\/td>SESSION-b7d90a2138968fa3 \u2192 host:209.177.156.94 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-bcd07bc8e00bd126:host:192.168.1.185<\/td>SESSION-bcd07bc8e00bd126 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-7b2b00e0ceb88c09:SESSION-7b2b00e0ceb88c09<\/td>SESSION-7b2b00e0ceb88c09 \u2192 pe:tls:SESSION-7b2b00e0ceb88c09<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:a912cd07306b<\/td>flow:a912cd07306b \u2192 host:192.168.1.185 \u2192 host:172.29.16.1 \u2192 port:udp:41641<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-2014bf32e6dab59e:host:151.101.113.140<\/td>SESSION-2014bf32e6dab59e \u2192 host:151.101.113.140<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:34.111.31.13:geo_39.10270_-94.57780<\/td>host:34.111.31.13 \u2192 geo_39.10270_-94.57780<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-5673cdc8e15ecc28:host:167.235.217.196<\/td>SESSION-5673cdc8e15ecc28 \u2192 host:167.235.217.196<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-06fade4febc8462c:host:192.168.1.185:host:104.18.23.222<\/td>SESSION-06fade4febc8462c \u2192 host:192.168.1.185 \u2192 host:104.18.23.222<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e565a4fbf5cff09b:host:192.168.1.185<\/td>SESSION-e565a4fbf5cff09b \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-bc4350b5c6d66f3f:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-bc4350b5c6d66f3f \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-9c845bfb2b534b59:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-9c845bfb2b534b59 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:199.165.136.100:geo_43.63190_-79.37160<\/td>host:199.165.136.100 \u2192 geo_43.63190_-79.37160<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:dc8e0c394478:port:udp:53<\/td>flow:dc8e0c394478 \u2192 port:udp:53<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e66fd8e05921da5d:host:172.18.0.1<\/td>SESSION-e66fd8e05921da5d \u2192 host:172.18.0.1<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-7b2b00e0ceb88c09:host:192.168.1.185<\/td>SESSION-7b2b00e0ceb88c09 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-99947e3aab494326:host:192.168.1.185<\/td>SESSION-99947e3aab494326 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-05305b96b26cdffd:host:104.18.39.21<\/td>SESSION-05305b96b26cdffd \u2192 host:104.18.39.21<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:a42e7b1c53d5<\/td>flow:a42e7b1c53d5 \u2192 host:192.168.1.185 \u2192 host:209.177.156.94 \u2192 port:udp:3478<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-ea1d23994577309a:host:192.168.1.185<\/td>SESSION-ea1d23994577309a \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-423d6f8fa2a9f7bc:host:192.168.1.185<\/td>SESSION-423d6f8fa2a9f7bc \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-dabcbf693ac9fbef:host:150.171.28.10<\/td>SESSION-dabcbf693ac9fbef \u2192 host:150.171.28.10<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-bc4350b5c6d66f3f:SESSION-bc4350b5c6d66f3f<\/td>SESSION-bc4350b5c6d66f3f \u2192 pe:tls:SESSION-bc4350b5c6d66f3f<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-e53f703ab7b48a77:SESSION-e53f703ab7b48a77<\/td>SESSION-e53f703ab7b48a77 \u2192 pe:tls:SESSION-e53f703ab7b48a77<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:0c699e4ab5c4:dns:ctldl.windowsupdate.com<\/td>flow:0c699e4ab5c4 \u2192 dns:ctldl.windowsupdate.com<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-83d0b20751c23f69:host:192.168.1.185<\/td>SESSION-83d0b20751c23f69 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-ce6603a48a5c4c37:host:192.168.1.185<\/td>SESSION-ce6603a48a5c4c37 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-58f9cafe500f64ad:host:192.168.1.185<\/td>SESSION-58f9cafe500f64ad \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e6729d0ebc579395:flow:137f07aaadb4<\/td>SESSION-e6729d0ebc579395 \u2192 flow:137f07aaadb4<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-787a71cfd2c6f769:host:192.168.1.185<\/td>SESSION-787a71cfd2c6f769 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:20.62.59.32:asn:8075<\/td>host:20.62.59.32 \u2192 asn:8075<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-17e440ba96a7a7b5:host:192.168.1.185:host:142.250.115.95<\/td>SESSION-17e440ba96a7a7b5 \u2192 host:192.168.1.185 \u2192 host:142.250.115.95<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-86bc6b9e53c222b0:host:192.168.1.185<\/td>SESSION-86bc6b9e53c222b0 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-a019cb392bc23a7a:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-a019cb392bc23a7a \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-200a1edeb5081c1b:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-200a1edeb5081c1b \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-604f49b2ccac8492:host:97.178.32.239<\/td>SESSION-604f49b2ccac8492 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-9c85e6a530e7f20f:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-9c85e6a530e7f20f \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-858ec5d25a7b6232:host:192.168.1.185<\/td>SESSION-858ec5d25a7b6232 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-10cf97843d85c279:host:192.168.1.185<\/td>SESSION-10cf97843d85c279 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-f8dc5b0051ee4914:host:192.168.1.185<\/td>SESSION-f8dc5b0051ee4914 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-348feef1c6ca6285:flow:300bb0be41cf<\/td>SESSION-348feef1c6ca6285 \u2192 flow:300bb0be41cf<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e53f703ab7b48a77:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e53f703ab7b48a77 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-de97a19f0937505c:host:104.18.1.62<\/td>SESSION-de97a19f0937505c \u2192 host:104.18.1.62<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-83d0b20751c23f69:host:192.168.1.1<\/td>SESSION-83d0b20751c23f69 \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-9c845bfb2b534b59:host:150.171.28.10<\/td>SESSION-9c845bfb2b534b59 \u2192 host:150.171.28.10<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:c378386f9a22:port:tcp:443<\/td>flow:c378386f9a22 \u2192 port:tcp:443<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:919c57e90236:port:udp:443<\/td>flow:919c57e90236 \u2192 port:udp:443<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-1ea83345da6e2df0:host:192.168.1.165<\/td>SESSION-1ea83345da6e2df0 \u2192 host:192.168.1.165<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:f6fc82e11042:port:udp:5351<\/td>flow:f6fc82e11042 \u2192 port:udp:5351<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-348feef1c6ca6285:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-348feef1c6ca6285 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-9b68d4601d0ccd30:host:192.168.1.1<\/td>SESSION-9b68d4601d0ccd30 \u2192 host:192.168.1.1<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:660ca437efa1<\/td>flow:660ca437efa1 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-58f9cafe500f64ad:host:192.168.1.1<\/td>SESSION-58f9cafe500f64ad \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-184b3698d564c9c7:host:216.24.57.7<\/td>SESSION-184b3698d564c9c7 \u2192 host:216.24.57.7<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-e881aa680da5dbf3:SESSION-e881aa680da5dbf3<\/td>SESSION-e881aa680da5dbf3 \u2192 pe:tls:SESSION-e881aa680da5dbf3<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:f19ee6508782:port:tcp:58457<\/td>flow:f19ee6508782 \u2192 port:tcp:58457<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-858ec5d25a7b6232:flow:f79c1639a1f7<\/td>SESSION-858ec5d25a7b6232 \u2192 flow:f79c1639a1f7<\/td><\/tr>
PORT_IMPLIED_SERVICEIMP 70%<\/td>e:ps:port:tcp:80:svc:http<\/td>port:tcp:80 \u2192 svc:http<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:0c699e4ab5c4:port:udp:53<\/td>flow:0c699e4ab5c4 \u2192 port:udp:53<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-68666b77cce29d40:host:192.168.1.1<\/td>SESSION-68666b77cce29d40 \u2192 host:192.168.1.1<\/td><\/tr>
flow_observed3-aryOBS<\/td>e:fo:flow:df281449ac19<\/td>flow:df281449ac19 \u2192 host:97.178.32.239 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:13.107.226.57:geo_37.75100_-97.82200<\/td>host:13.107.226.57 \u2192 geo_37.75100_-97.82200<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:a912cd07306b:port:udp:41641<\/td>flow:a912cd07306b \u2192 port:udp:41641<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-604f49b2ccac8492:host:192.168.1.185:host:97.178.32.239<\/td>SESSION-604f49b2ccac8492 \u2192 host:192.168.1.185 \u2192 host:97.178.32.239<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e86e0a049372cc85:host:142.250.113.95<\/td>SESSION-e86e0a049372cc85 \u2192 host:142.250.113.95<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-04dc5a38b6cabcef:flow:05b4e5b174c0<\/td>SESSION-04dc5a38b6cabcef \u2192 flow:05b4e5b174c0<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:7fc08133133d:port:udp:44244<\/td>flow:7fc08133133d \u2192 port:udp:44244<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-bc4350b5c6d66f3f:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-bc4350b5c6d66f3f \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:660ca437efa1:dns:chatgpt.com<\/td>flow:660ca437efa1 \u2192 dns:chatgpt.com<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:bf8f4a131249<\/td>flow:bf8f4a131249 \u2192 host:192.168.1.185 \u2192 host:172.17.0.1 \u2192 port:udp:44244<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:660ca437efa1:dns:remotedesktop-pa.googleapis.com<\/td>flow:660ca437efa1 \u2192 dns:remotedesktop-pa.googleapis.com<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:82ce7409c0ca:port:tcp:80<\/td>flow:82ce7409c0ca \u2192 port:tcp:80<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:660ca437efa1:dns:browser.events.data.microsoft.com<\/td>flow:660ca437efa1 \u2192 dns:browser.events.data.microsoft.com<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-329be171c0b80b92:host:172.29.16.1<\/td>SESSION-329be171c0b80b92 \u2192 host:172.29.16.1<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-348feef1c6ca6285:host:192.168.1.185<\/td>SESSION-348feef1c6ca6285 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-7bf53771cd98ec17:host:192.168.1.185<\/td>SESSION-7bf53771cd98ec17 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-f8dc5b0051ee4914:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-f8dc5b0051ee4914 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-604f49b2ccac8492:host:97.178.32.239<\/td>SESSION-604f49b2ccac8492 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td>e:bsg:SESSION-9b68d4601d0ccd30:BSG-BEACON-4bc57cbec7cd<\/td>SESSION-9b68d4601d0ccd30 \u2192 BSG-BEACON-4bc57cbec7cd<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:300bb0be41cf<\/td>flow:300bb0be41cf \u2192 host:192.168.1.185 \u2192 host:151.101.113.140 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-b7d90a2138968fa3:host:209.177.156.94<\/td>SESSION-b7d90a2138968fa3 \u2192 host:209.177.156.94<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:779733f74ceb:port:tcp:443<\/td>flow:779733f74ceb \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-bcd07bc8e00bd126:flow:b41e05b0f148<\/td>SESSION-bcd07bc8e00bd126 \u2192 flow:b41e05b0f148<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:142.250.115.95:geo_37.75100_-97.82200<\/td>host:142.250.115.95 \u2192 geo_37.75100_-97.82200<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:4eed5ff51111:port:tcp:46407<\/td>flow:4eed5ff51111 \u2192 port:tcp:46407<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-dabcbf693ac9fbef:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-dabcbf693ac9fbef \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:15169:org:Google LLC<\/td>asn:15169 \u2192 org:Google LLC<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td>e:bsg:SESSION-83d0b20751c23f69:BSG-BEACON-4bc57cbec7cd<\/td>SESSION-83d0b20751c23f69 \u2192 BSG-BEACON-4bc57cbec7cd<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-1835bee014d5b0b3:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-1835bee014d5b0b3 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e5c653feb7de823f:host:192.168.1.185<\/td>SESSION-e5c653feb7de823f \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:syn:SESSION-d146af26ba988e06:SESSION-d146af26ba988e06<\/td>SESSION-d146af26ba988e06 \u2192 pe:syn:SESSION-d146af26ba988e06<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:b41e05b0f148:port:udp:3478<\/td>flow:b41e05b0f148 \u2192 port:udp:3478<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-06fade4febc8462c:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-06fade4febc8462c \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-ce6603a48a5c4c37:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-ce6603a48a5c4c37 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:bf7a9427297d:dns:ctldl.windowsupdate.com<\/td>flow:bf7a9427297d \u2192 dns:ctldl.windowsupdate.com<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-502ccca87ddbbb24:SESSION-502ccca87ddbbb24<\/td>SESSION-502ccca87ddbbb24 \u2192 pe:tls:SESSION-502ccca87ddbbb24<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:216.24.57.251:asn:397273<\/td>host:216.24.57.251 \u2192 asn:397273<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:65175f124256:port:tcp:443<\/td>flow:65175f124256 \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-741380b5a9a3a6c7:host:192.168.1.185<\/td>SESSION-741380b5a9a3a6c7 \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:abe950115ba3<\/td>flow:abe950115ba3 \u2192 host:192.168.1.185 \u2192 host:13.107.226.57 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-604f49b2ccac8492:host:192.168.1.185<\/td>SESSION-604f49b2ccac8492 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-184b3698d564c9c7:host:216.24.57.7:host:192.168.1.185<\/td>SESSION-184b3698d564c9c7 \u2192 host:216.24.57.7 \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:4f5810e72704<\/td>flow:4f5810e72704 \u2192 host:192.168.1.185 \u2192 host:192.73.244.245 \u2192 port:udp:3478<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-8c7ddbb6fe26a9a9:host:216.239.32.223<\/td>SESSION-8c7ddbb6fe26a9a9 \u2192 host:216.239.32.223<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-c8f5f362e7c0c5c8:host:216.24.57.251<\/td>SESSION-c8f5f362e7c0c5c8 \u2192 host:216.24.57.251<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:167.235.217.196:geo_50.47770_12.36490<\/td>host:167.235.217.196 \u2192 geo_50.47770_12.36490<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-cbcc97483386b4f3:host:104.18.32.47<\/td>SESSION-cbcc97483386b4f3 \u2192 host:104.18.32.47<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e6ad21d692182871:flow:cb933110cf94<\/td>SESSION-e6ad21d692182871 \u2192 flow:cb933110cf94<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:189be888c3af:port:tcp:443<\/td>flow:189be888c3af \u2192 port:tcp:443<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:192.200.0.112:geo_43.63190_-79.37160<\/td>host:192.200.0.112 \u2192 geo_43.63190_-79.37160<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-5419af02605f5da4:host:192.168.1.185<\/td>SESSION-5419af02605f5da4 \u2192 host:192.168.1.185<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:396982:org:Google LLC<\/td>asn:396982 \u2192 org:Google LLC<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e6729d0ebc579395:host:192.168.1.185:host:97.178.32.239<\/td>SESSION-e6729d0ebc579395 \u2192 host:192.168.1.185 \u2192 host:97.178.32.239<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:d84a13678d67<\/td>flow:d84a13678d67 \u2192 host:192.168.1.185 \u2192 host:142.250.113.95 \u2192 port:udp:443 \u2192 svc:https<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-04dc5a38b6cabcef:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-04dc5a38b6cabcef \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-06fade4febc8462c:flow:189be888c3af<\/td>SESSION-06fade4febc8462c \u2192 flow:189be888c3af<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-d7f6ed06cf3ab18b:host:192.168.1.185<\/td>SESSION-d7f6ed06cf3ab18b \u2192 host:192.168.1.185<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:97.178.32.239:asn:6167<\/td>host:97.178.32.239 \u2192 asn:6167<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-3cb87513d2c7904f:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-3cb87513d2c7904f \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-502ccca87ddbbb24:host:192.168.1.185:host:35.190.80.1<\/td>SESSION-502ccca87ddbbb24 \u2192 host:192.168.1.185 \u2192 host:35.190.80.1<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-8394aca80c2a0790:host:192.168.1.185:host:52.182.143.215<\/td>SESSION-8394aca80c2a0790 \u2192 host:192.168.1.185 \u2192 host:52.182.143.215<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-ea1d23994577309a:host:192.168.1.185<\/td>SESSION-ea1d23994577309a \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:65c7de267840:port:udp:5351<\/td>flow:65c7de267840 \u2192 port:udp:5351<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-65e185b6eab54d6a:flow:65c7de267840<\/td>SESSION-65e185b6eab54d6a \u2192 flow:65c7de267840<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-c8f5f362e7c0c5c8:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-c8f5f362e7c0c5c8 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-d146af26ba988e06:host:104.18.32.47<\/td>SESSION-d146af26ba988e06 \u2192 host:104.18.32.47<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e6ad21d692182871:host:192.168.1.185<\/td>SESSION-e6ad21d692182871 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-8c7ddbb6fe26a9a9:host:216.239.32.223:host:192.168.1.185<\/td>SESSION-8c7ddbb6fe26a9a9 \u2192 host:216.239.32.223 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-bc4350b5c6d66f3f:host:192.168.1.185<\/td>SESSION-bc4350b5c6d66f3f \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-c4d9c40a7fec56be:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-c4d9c40a7fec56be \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-06fade4febc8462c:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-06fade4febc8462c \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:52.110.6.13:geo_29.42270_-98.49270<\/td>host:52.110.6.13 \u2192 geo_29.42270_-98.49270<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-9c845bfb2b534b59:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-9c845bfb2b534b59 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-65e185b6eab54d6a:host:192.168.1.185<\/td>SESSION-65e185b6eab54d6a \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-9dab8edd40d14d9d:host:192.168.1.185<\/td>SESSION-9dab8edd40d14d9d \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-348feef1c6ca6285:host:192.168.1.185:host:151.101.113.140<\/td>SESSION-348feef1c6ca6285 \u2192 host:192.168.1.185 \u2192 host:151.101.113.140<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e5c653feb7de823f:host:192.168.1.185<\/td>SESSION-e5c653feb7de823f \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-d146af26ba988e06:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-d146af26ba988e06 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:3d20532e84ed:port:udp:443<\/td>flow:3d20532e84ed \u2192 port:udp:443<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-81e5b5be161de125:host:192.168.1.185<\/td>SESSION-81e5b5be161de125 \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:682d5368c69e<\/td>flow:682d5368c69e \u2192 host:192.168.1.185 \u2192 host:97.178.32.239 \u2192 port:udp:1050<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-9c845bfb2b534b59:host:192.168.1.185<\/td>SESSION-9c845bfb2b534b59 \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:b41e05b0f148<\/td>flow:b41e05b0f148 \u2192 host:192.168.1.185 \u2192 host:209.177.158.246 \u2192 port:udp:3478<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-65a9e51617aa2712:host:199.165.136.100<\/td>SESSION-65a9e51617aa2712 \u2192 host:199.165.136.100<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e5c653feb7de823f:host:192.168.1.185:host:192.73.243.135<\/td>SESSION-e5c653feb7de823f \u2192 host:192.168.1.185 \u2192 host:192.73.243.135<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:bab9257727f6<\/td>flow:bab9257727f6 \u2192 host:192.168.1.185 \u2192 host:23.219.160.5 \u2192 port:udp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-36cd4459caa078a9:flow:5a246bdf60e4<\/td>SESSION-36cd4459caa078a9 \u2192 flow:5a246bdf60e4<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-9c85e6a530e7f20f:host:192.168.1.185<\/td>SESSION-9c85e6a530e7f20f \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-de97a19f0937505c:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-de97a19f0937505c \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-7bf53771cd98ec17:flow:f6fc82e11042<\/td>SESSION-7bf53771cd98ec17 \u2192 flow:f6fc82e11042<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:23.219.160.5:asn:20940<\/td>host:23.219.160.5 \u2192 asn:20940<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-3cb87513d2c7904f:host:192.168.1.1<\/td>SESSION-3cb87513d2c7904f \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-58f9cafe500f64ad:host:192.168.1.1<\/td>SESSION-58f9cafe500f64ad \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-200a1edeb5081c1b:flow:d479ce3b7365<\/td>SESSION-200a1edeb5081c1b \u2192 flow:d479ce3b7365<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-de97a19f0937505c:host:104.18.1.62:host:192.168.1.185<\/td>SESSION-de97a19f0937505c \u2192 host:104.18.1.62 \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:0523b90826b8<\/td>flow:0523b90826b8 \u2192 host:192.200.0.112 \u2192 host:192.168.1.185 \u2192 port:tcp:51645<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e0cdf80170e46e9e:host:192.168.1.185<\/td>SESSION-e0cdf80170e46e9e \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-8c7ddbb6fe26a9a9:host:192.168.1.185<\/td>SESSION-8c7ddbb6fe26a9a9 \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:26faad66f81e<\/td>flow:26faad66f81e \u2192 host:192.168.1.185 \u2192 host:172.18.0.1 \u2192 port:udp:44244<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-05305b96b26cdffd:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-05305b96b26cdffd \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:d83699920b5b:port:tcp:443<\/td>flow:d83699920b5b \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e53f703ab7b48a77:flow:9aa8161296f7<\/td>SESSION-e53f703ab7b48a77 \u2192 flow:9aa8161296f7<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-7dbcb4428a9e5e71:host:192.168.1.185<\/td>SESSION-7dbcb4428a9e5e71 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-17e440ba96a7a7b5:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-17e440ba96a7a7b5 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-787a71cfd2c6f769:host:162.159.128.61:host:192.168.1.185<\/td>SESSION-787a71cfd2c6f769 \u2192 host:162.159.128.61 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:150.171.28.10:geo_37.75100_-97.82200<\/td>host:150.171.28.10 \u2192 geo_37.75100_-97.82200<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-68666b77cce29d40:host:192.168.1.1<\/td>SESSION-68666b77cce29d40 \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-65e185b6eab54d6a:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-65e185b6eab54d6a \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-36cd4459caa078a9:host:192.168.1.185<\/td>SESSION-36cd4459caa078a9 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:341692033057:port:udp:41641<\/td>flow:341692033057 \u2192 port:udp:41641<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:46f60ddc23a2<\/td>flow:46f60ddc23a2 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:tcp:46407<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-22420a928847cfad:host:192.168.1.185<\/td>SESSION-22420a928847cfad \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:478de54cd94a:port:udp:31036<\/td>flow:478de54cd94a \u2192 port:udp:31036<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:192.73.248.83:geo_32.77970_-96.80220<\/td>host:192.73.248.83 \u2192 geo_32.77970_-96.80220<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-055fd962754012c2:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-055fd962754012c2 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-787a71cfd2c6f769:SESSION-787a71cfd2c6f769<\/td>SESSION-787a71cfd2c6f769 \u2192 pe:tls:SESSION-787a71cfd2c6f769<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:dns:SESSION-68666b77cce29d40:SESSION-68666b77cce29d40<\/td>SESSION-68666b77cce29d40 \u2192 pe:dns:SESSION-68666b77cce29d40<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-7b2b00e0ceb88c09:host:20.62.59.32<\/td>SESSION-7b2b00e0ceb88c09 \u2192 host:20.62.59.32<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:c44b4fd56f98<\/td>flow:c44b4fd56f98 \u2192 host:216.239.32.223 \u2192 host:192.168.1.185 \u2192 port:udp:60920<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-055fd962754012c2:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-055fd962754012c2 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-fa034e5132aecf5b:host:192.168.1.185<\/td>SESSION-fa034e5132aecf5b \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:f6fc82e11042<\/td>flow:f6fc82e11042 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:udp:5351<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-716de9787a03c45e:host:23.219.160.5<\/td>SESSION-716de9787a03c45e \u2192 host:23.219.160.5<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:151.101.113.140:geo_32.77970_-96.80220<\/td>host:151.101.113.140 \u2192 geo_32.77970_-96.80220<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-348feef1c6ca6285:host:151.101.113.140<\/td>SESSION-348feef1c6ca6285 \u2192 host:151.101.113.140<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-99947e3aab494326:host:192.168.1.185<\/td>SESSION-99947e3aab494326 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-934baa2aae663ceb:host:151.101.113.140<\/td>SESSION-934baa2aae663ceb \u2192 host:151.101.113.140<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-4cf06bd9f9c07bb4:host:97.178.32.239<\/td>SESSION-4cf06bd9f9c07bb4 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-1065a64ded6cc44c:flow:7fc08133133d<\/td>SESSION-1065a64ded6cc44c \u2192 flow:7fc08133133d<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:8075:org:Microsoft Corporation<\/td>asn:8075 \u2192 org:Microsoft Corporation<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:35.190.80.1:geo_37.75100_-97.82200<\/td>host:35.190.80.1 \u2192 geo_37.75100_-97.82200<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-10cf97843d85c279:host:192.168.1.185:host:209.177.156.94<\/td>SESSION-10cf97843d85c279 \u2192 host:192.168.1.185 \u2192 host:209.177.156.94<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-2014bf32e6dab59e:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-2014bf32e6dab59e \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-7b2b00e0ceb88c09:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-7b2b00e0ceb88c09 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-934baa2aae663ceb:host:192.168.1.185<\/td>SESSION-934baa2aae663ceb \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-9c845bfb2b534b59:host:150.171.28.10<\/td>SESSION-9c845bfb2b534b59 \u2192 host:150.171.28.10<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-1ea83345da6e2df0:host:224.0.0.22<\/td>SESSION-1ea83345da6e2df0 \u2192 host:224.0.0.22<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:16509:org:Amazon.com, Inc.<\/td>asn:16509 \u2192 org:Amazon.com, Inc.<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:216.24.57.7:geo_37.75100_-97.82200<\/td>host:216.24.57.7 \u2192 geo_37.75100_-97.82200<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-ce6603a48a5c4c37:host:192.168.1.185<\/td>SESSION-ce6603a48a5c4c37 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-b7338ba843b2dafa:SESSION-b7338ba843b2dafa<\/td>SESSION-b7338ba843b2dafa \u2192 pe:tls:SESSION-b7338ba843b2dafa<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-9c85e6a530e7f20f:host:192.168.1.185<\/td>SESSION-9c85e6a530e7f20f \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-4cf06bd9f9c07bb4:host:192.168.1.185<\/td>SESSION-4cf06bd9f9c07bb4 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-5673cdc8e15ecc28:host:167.235.217.196:host:192.168.1.185<\/td>SESSION-5673cdc8e15ecc28 \u2192 host:167.235.217.196 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:syn:SESSION-83d0b20751c23f69:SESSION-83d0b20751c23f69<\/td>SESSION-83d0b20751c23f69 \u2192 pe:syn:SESSION-83d0b20751c23f69<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-ce6603a48a5c4c37:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-ce6603a48a5c4c37 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-741380b5a9a3a6c7:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-741380b5a9a3a6c7 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:137f07aaadb4<\/td>flow:137f07aaadb4 \u2192 host:192.168.1.185 \u2192 host:97.178.32.239 \u2192 port:udp:41641<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-741380b5a9a3a6c7:SESSION-741380b5a9a3a6c7<\/td>SESSION-741380b5a9a3a6c7 \u2192 pe:tls:SESSION-741380b5a9a3a6c7<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:f3b81336df74:port:tcp:443<\/td>flow:f3b81336df74 \u2192 port:tcp:443<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-36cd4459caa078a9:host:135.234.174.40<\/td>SESSION-36cd4459caa078a9 \u2192 host:135.234.174.40<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-de97a19f0937505c:SESSION-de97a19f0937505c<\/td>SESSION-de97a19f0937505c \u2192 pe:tls:SESSION-de97a19f0937505c<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-fa034e5132aecf5b:host:192.168.1.185:host:13.107.226.57<\/td>SESSION-fa034e5132aecf5b \u2192 host:192.168.1.185 \u2192 host:13.107.226.57<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-441bb1af5ec88ffb:host:76.76.21.22<\/td>SESSION-441bb1af5ec88ffb \u2192 host:76.76.21.22<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-5419af02605f5da4:flow:341692033057<\/td>SESSION-5419af02605f5da4 \u2192 flow:341692033057<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:ab2fda60ec38<\/td>flow:ab2fda60ec38 \u2192 host:192.168.1.185 \u2192 host:150.171.28.10 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-2681df7af5f78270:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-2681df7af5f78270 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-bc4350b5c6d66f3f:host:34.111.31.13<\/td>SESSION-bc4350b5c6d66f3f \u2192 host:34.111.31.13<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-99947e3aab494326:SESSION-99947e3aab494326<\/td>SESSION-99947e3aab494326 \u2192 pe:tls:SESSION-99947e3aab494326<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-8394aca80c2a0790:host:192.168.1.185<\/td>SESSION-8394aca80c2a0790 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:5b983251f483:port:tcp:52133<\/td>flow:5b983251f483 \u2192 port:tcp:52133<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-8fd6ad39adf47a18:host:104.18.36.216<\/td>SESSION-8fd6ad39adf47a18 \u2192 host:104.18.36.216<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-1835bee014d5b0b3:host:192.168.1.185<\/td>SESSION-1835bee014d5b0b3 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_HTTP_HOSTOBS<\/td>e:fh:flow:82ce7409c0ca:http_host:ctldl.windowsupdate.com<\/td>flow:82ce7409c0ca \u2192 http_host:ctldl.windowsupdate.com<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-716de9787a03c45e:host:192.168.1.185<\/td>SESSION-716de9787a03c45e \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-858ec5d25a7b6232:host:192.168.1.185:host:97.178.32.239<\/td>SESSION-858ec5d25a7b6232 \u2192 host:192.168.1.185 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-c8f5f362e7c0c5c8:flow:e36e1209129d<\/td>SESSION-c8f5f362e7c0c5c8 \u2192 flow:e36e1209129d<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-bc4350b5c6d66f3f:flow:c0b4f157e073<\/td>SESSION-bc4350b5c6d66f3f \u2192 flow:c0b4f157e073<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:397273:org:Render<\/td>asn:397273 \u2192 org:Render<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-5673cdc8e15ecc28:host:192.168.1.185<\/td>SESSION-5673cdc8e15ecc28 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-423d6f8fa2a9f7bc:SESSION-423d6f8fa2a9f7bc<\/td>SESSION-423d6f8fa2a9f7bc \u2192 pe:tls:SESSION-423d6f8fa2a9f7bc<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-17e440ba96a7a7b5:flow:e34282443dab<\/td>SESSION-17e440ba96a7a7b5 \u2192 flow:e34282443dab<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-a019cb392bc23a7a:host:192.168.1.185:host:199.165.136.100<\/td>SESSION-a019cb392bc23a7a \u2192 host:192.168.1.185 \u2192 host:199.165.136.100<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-21bfec774060aafb:flow:46f60ddc23a2<\/td>SESSION-21bfec774060aafb \u2192 flow:46f60ddc23a2<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-184b3698d564c9c7:host:192.168.1.185<\/td>SESSION-184b3698d564c9c7 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-7b2b00e0ceb88c09:host:192.168.1.185:host:20.62.59.32<\/td>SESSION-7b2b00e0ceb88c09 \u2192 host:192.168.1.185 \u2192 host:20.62.59.32<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-99947e3aab494326:host:192.200.0.112:host:192.168.1.185<\/td>SESSION-99947e3aab494326 \u2192 host:192.200.0.112 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-a019cb392bc23a7a:host:192.168.1.185<\/td>SESSION-a019cb392bc23a7a \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:0380e0cd29dc<\/td>flow:0380e0cd29dc \u2192 host:104.18.39.21 \u2192 host:192.168.1.185 \u2192 port:tcp:52640<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:d479ce3b7365<\/td>flow:d479ce3b7365 \u2192 host:52.110.6.13 \u2192 host:192.168.1.185 \u2192 port:tcp:54629<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:00f4e10d6ac7:port:tcp:43844<\/td>flow:00f4e10d6ac7 \u2192 port:tcp:43844<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:151.101.112.217:asn:54113<\/td>host:151.101.112.217 \u2192 asn:54113<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:d84a13678d67:port:udp:443<\/td>flow:d84a13678d67 \u2192 port:udp:443<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:135.234.174.40:asn:8075<\/td>host:135.234.174.40 \u2192 asn:8075<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-441bb1af5ec88ffb:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-441bb1af5ec88ffb \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-22420a928847cfad:host:192.168.1.1<\/td>SESSION-22420a928847cfad \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-348feef1c6ca6285:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-348feef1c6ca6285 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:027ad06c15d5<\/td>flow:027ad06c15d5 \u2192 host:104.18.36.216 \u2192 host:192.168.1.185 \u2192 port:tcp:55880<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:97.178.32.239:geo_29.82840_-95.46960<\/td>host:97.178.32.239 \u2192 geo_29.82840_-95.46960<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e6ad21d692182871:host:192.168.1.185<\/td>SESSION-e6ad21d692182871 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e53f703ab7b48a77:host:199.165.136.100<\/td>SESSION-e53f703ab7b48a77 \u2192 host:199.165.136.100<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e5c653feb7de823f:flow:62d01d1bf747<\/td>SESSION-e5c653feb7de823f \u2192 flow:62d01d1bf747<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:216.239.32.223:asn:15169<\/td>host:216.239.32.223 \u2192 asn:15169<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-21bfec774060aafb:host:192.168.1.1<\/td>SESSION-21bfec774060aafb \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-329be171c0b80b92:host:192.168.1.185<\/td>SESSION-329be171c0b80b92 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-3cb87513d2c7904f:host:192.168.1.185<\/td>SESSION-3cb87513d2c7904f \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-741380b5a9a3a6c7:host:172.64.151.22:host:192.168.1.185<\/td>SESSION-741380b5a9a3a6c7 \u2192 host:172.64.151.22 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-b7338ba843b2dafa:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-b7338ba843b2dafa \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:syn:SESSION-9b68d4601d0ccd30:SESSION-9b68d4601d0ccd30<\/td>SESSION-9b68d4601d0ccd30 \u2192 pe:syn:SESSION-9b68d4601d0ccd30<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-a019cb392bc23a7a:host:199.165.136.100<\/td>SESSION-a019cb392bc23a7a \u2192 host:199.165.136.100<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:9cc54a60d88a<\/td>flow:9cc54a60d88a \u2192 host:167.235.217.196 \u2192 host:192.168.1.185 \u2192 port:tcp:54986<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-329be171c0b80b92:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-329be171c0b80b92 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:62d01d1bf747<\/td>flow:62d01d1bf747 \u2192 host:192.168.1.185 \u2192 host:192.73.243.135 \u2192 port:udp:3478<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-65e185b6eab54d6a:host:192.168.1.1<\/td>SESSION-65e185b6eab54d6a \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-81e5b5be161de125:flow:82ce7409c0ca<\/td>SESSION-81e5b5be161de125 \u2192 flow:82ce7409c0ca<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-858ec5d25a7b6232:host:97.178.32.239<\/td>SESSION-858ec5d25a7b6232 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-04dc5a38b6cabcef:host:167.235.217.196:host:192.168.1.185<\/td>SESSION-04dc5a38b6cabcef \u2192 host:167.235.217.196 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-65a9e51617aa2712:host:192.168.1.185<\/td>SESSION-65a9e51617aa2712 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-1065a64ded6cc44c:host:172.19.0.1<\/td>SESSION-1065a64ded6cc44c \u2192 host:172.19.0.1<\/td><\/tr>
flow_observed3-aryOBS<\/td>e:fo:flow:bf7a9427297d<\/td>flow:bf7a9427297d \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-9dab8edd40d14d9d:host:104.18.39.21<\/td>SESSION-9dab8edd40d14d9d \u2192 host:104.18.39.21<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:fdf049da8b14:port:udp:3478<\/td>flow:fdf049da8b14 \u2192 port:udp:3478<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-08bfd8721a383a39:host:192.168.1.1<\/td>SESSION-08bfd8721a383a39 \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-2014bf32e6dab59e:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-2014bf32e6dab59e \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-9b68d4601d0ccd30:host:192.168.1.185<\/td>SESSION-9b68d4601d0ccd30 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-d146af26ba988e06:host:192.168.1.185<\/td>SESSION-d146af26ba988e06 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-5673cdc8e15ecc28:host:167.235.217.196<\/td>SESSION-5673cdc8e15ecc28 \u2192 host:167.235.217.196<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-7dbcb4428a9e5e71:host:192.168.1.185<\/td>SESSION-7dbcb4428a9e5e71 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:35.190.80.1:asn:396982<\/td>host:35.190.80.1 \u2192 asn:396982<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:03d3562fa35f<\/td>flow:03d3562fa35f \u2192 host:192.168.1.185 \u2192 host:97.178.32.239 \u2192 port:udp:52243<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-b7d90a2138968fa3:host:192.168.1.185<\/td>SESSION-b7d90a2138968fa3 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-cbcc97483386b4f3:SESSION-cbcc97483386b4f3<\/td>SESSION-cbcc97483386b4f3 \u2192 pe:tls:SESSION-cbcc97483386b4f3<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-f32643b41a201d5b:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-f32643b41a201d5b \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-3cb87513d2c7904f:host:192.168.1.1<\/td>SESSION-3cb87513d2c7904f \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%<\/td>e:bsg:SESSION-b7d90a2138968fa3:BSG-DATA_EXFIL-e7f288856e4c<\/td>SESSION-b7d90a2138968fa3 \u2192 BSG-DATA_EXFIL-e7f288856e4c<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-bcd07bc8e00bd126:host:192.168.1.185<\/td>SESSION-bcd07bc8e00bd126 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-81e5b5be161de125:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-81e5b5be161de125 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-502ccca87ddbbb24:host:192.168.1.185<\/td>SESSION-502ccca87ddbbb24 \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:cb933110cf94<\/td>flow:cb933110cf94 \u2192 host:192.168.1.185 \u2192 host:199.165.136.100 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-329be171c0b80b92:host:192.168.1.185:host:172.29.16.1<\/td>SESSION-329be171c0b80b92 \u2192 host:192.168.1.185 \u2192 host:172.29.16.1<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-ea1d23994577309a:host:104.18.22.222:host:192.168.1.185<\/td>SESSION-ea1d23994577309a \u2192 host:104.18.22.222 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-c4d9c40a7fec56be:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-c4d9c40a7fec56be \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:341692033057<\/td>flow:341692033057 \u2192 host:192.168.1.185 \u2192 host:97.178.32.239 \u2192 port:udp:41641<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td>e:bsg:SESSION-934baa2aae663ceb:BSG-BEACON-3fa1dca5627c<\/td>SESSION-934baa2aae663ceb \u2192 BSG-BEACON-3fa1dca5627c<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-36cd4459caa078a9:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-36cd4459caa078a9 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-05305b96b26cdffd:SESSION-05305b96b26cdffd<\/td>SESSION-05305b96b26cdffd \u2192 pe:tls:SESSION-05305b96b26cdffd<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:495f7c8d94fd:port:tcp:43844<\/td>flow:495f7c8d94fd \u2192 port:tcp:43844<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e5c653feb7de823f:host:192.73.243.135<\/td>SESSION-e5c653feb7de823f \u2192 host:192.73.243.135<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-502ccca87ddbbb24:host:35.190.80.1<\/td>SESSION-502ccca87ddbbb24 \u2192 host:35.190.80.1<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:f5abaef54664:port:tcp:46407<\/td>flow:f5abaef54664 \u2192 port:tcp:46407<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:54113:org:Fastly, Inc.<\/td>asn:54113 \u2192 org:Fastly, Inc.<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-17e440ba96a7a7b5:host:142.250.115.95<\/td>SESSION-17e440ba96a7a7b5 \u2192 host:142.250.115.95<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:05b4e5b174c0<\/td>flow:05b4e5b174c0 \u2192 host:167.235.217.196 \u2192 host:192.168.1.185 \u2192 port:tcp:54986<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-81e5b5be161de125:host:151.101.114.172<\/td>SESSION-81e5b5be161de125 \u2192 host:151.101.114.172<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e6ad21d692182871:host:199.165.136.100<\/td>SESSION-e6ad21d692182871 \u2192 host:199.165.136.100<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-17e440ba96a7a7b5:host:192.168.1.185<\/td>SESSION-17e440ba96a7a7b5 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-17e440ba96a7a7b5:host:142.250.115.95<\/td>SESSION-17e440ba96a7a7b5 \u2192 host:142.250.115.95<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-1065a64ded6cc44c:host:192.168.1.185<\/td>SESSION-1065a64ded6cc44c \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e565a4fbf5cff09b:host:192.73.248.83<\/td>SESSION-e565a4fbf5cff09b \u2192 host:192.73.248.83<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e53f703ab7b48a77:host:199.165.136.100<\/td>SESSION-e53f703ab7b48a77 \u2192 host:199.165.136.100<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-f32643b41a201d5b:host:192.168.1.185<\/td>SESSION-f32643b41a201d5b \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-86bc6b9e53c222b0:host:192.168.1.185<\/td>SESSION-86bc6b9e53c222b0 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-f32643b41a201d5b:host:209.177.158.246<\/td>SESSION-f32643b41a201d5b \u2192 host:209.177.158.246<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:f5abaef54664<\/td>flow:f5abaef54664 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:tcp:46407<\/td><\/tr>
FLOW_TLS_SNIOBS<\/td>e:fs:flow:f25397a8d5d5:tls_sni:chatgpt.com<\/td>flow:f25397a8d5d5 \u2192 tls_sni:chatgpt.com<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-06fade4febc8462c:host:192.168.1.185<\/td>SESSION-06fade4febc8462c \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:syn:SESSION-06fade4febc8462c:SESSION-06fade4febc8462c<\/td>SESSION-06fade4febc8462c \u2192 pe:syn:SESSION-06fade4febc8462c<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-8394aca80c2a0790:host:52.182.143.215<\/td>SESSION-8394aca80c2a0790 \u2192 host:52.182.143.215<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-04dc5a38b6cabcef:SESSION-04dc5a38b6cabcef<\/td>SESSION-04dc5a38b6cabcef \u2192 pe:tls:SESSION-04dc5a38b6cabcef<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-5673cdc8e15ecc28:SESSION-5673cdc8e15ecc28<\/td>SESSION-5673cdc8e15ecc28 \u2192 pe:tls:SESSION-5673cdc8e15ecc28<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-934baa2aae663ceb:SESSION-934baa2aae663ceb<\/td>SESSION-934baa2aae663ceb \u2192 pe:tls:SESSION-934baa2aae663ceb<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:65175f124256<\/td>flow:65175f124256 \u2192 host:192.168.1.185 \u2192 host:199.165.136.100 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-716de9787a03c45e:host:192.168.1.185:host:23.219.160.5<\/td>SESSION-716de9787a03c45e \u2192 host:192.168.1.185 \u2192 host:23.219.160.5<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-1835bee014d5b0b3:flow:bf8f4a131249<\/td>SESSION-1835bee014d5b0b3 \u2192 flow:bf8f4a131249<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-65e185b6eab54d6a:host:192.168.1.185<\/td>SESSION-65e185b6eab54d6a \u2192 host:192.168.1.185<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:a3f08c1df1f5<\/td>flow:a3f08c1df1f5 \u2192 host:192.168.1.185 \u2192 host:192.73.248.83 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:ef26bc2c964d:port:tcp:62104<\/td>flow:ef26bc2c964d \u2192 port:tcp:62104<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:82ce7409c0ca<\/td>flow:82ce7409c0ca \u2192 host:192.168.1.185 \u2192 host:151.101.114.172 \u2192 port:tcp:80 \u2192 svc:http<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-b7338ba843b2dafa:host:192.168.1.185<\/td>SESSION-b7338ba843b2dafa \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:007f4ea11c64:port:tcp:443<\/td>flow:007f4ea11c64 \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-9dab8edd40d14d9d:host:104.18.39.21<\/td>SESSION-9dab8edd40d14d9d \u2192 host:104.18.39.21<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-cbcc97483386b4f3:flow:7986b2093729<\/td>SESSION-cbcc97483386b4f3 \u2192 flow:7986b2093729<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-22420a928847cfad:host:192.168.1.1<\/td>SESSION-22420a928847cfad \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-8c7ddbb6fe26a9a9:host:216.239.32.223<\/td>SESSION-8c7ddbb6fe26a9a9 \u2192 host:216.239.32.223<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:3d20532e84ed<\/td>flow:3d20532e84ed \u2192 host:192.168.1.185 \u2192 host:23.219.160.5 \u2192 port:udp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-7dbcb4428a9e5e71:host:209.177.156.94<\/td>SESSION-7dbcb4428a9e5e71 \u2192 host:209.177.156.94<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-1ea83345da6e2df0:host:192.168.1.165:host:224.0.0.22<\/td>SESSION-1ea83345da6e2df0 \u2192 host:192.168.1.165 \u2192 host:224.0.0.22<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-055fd962754012c2:SESSION-055fd962754012c2<\/td>SESSION-055fd962754012c2 \u2192 pe:tls:SESSION-055fd962754012c2<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-cbcc97483386b4f3:host:192.168.1.185:host:104.18.32.47<\/td>SESSION-cbcc97483386b4f3 \u2192 host:192.168.1.185 \u2192 host:104.18.32.47<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-e6ad21d692182871:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-e6ad21d692182871 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-8394aca80c2a0790:host:192.168.1.185<\/td>SESSION-8394aca80c2a0790 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-184b3698d564c9c7:SESSION-184b3698d564c9c7<\/td>SESSION-184b3698d564c9c7 \u2192 pe:tls:SESSION-184b3698d564c9c7<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-5419af02605f5da4:host:192.168.1.185<\/td>SESSION-5419af02605f5da4 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e53f703ab7b48a77:host:192.168.1.185<\/td>SESSION-e53f703ab7b48a77 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:104.208.203.89:asn:8075<\/td>host:104.208.203.89 \u2192 asn:8075<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-22420a928847cfad:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-22420a928847cfad \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:abe950115ba3:port:tcp:443<\/td>flow:abe950115ba3 \u2192 port:tcp:443<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:46c89f86a16a:port:udp:443<\/td>flow:46c89f86a16a \u2192 port:udp:443<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-e25097cf84c7b988:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-e25097cf84c7b988 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-f32643b41a201d5b:host:192.168.1.185:host:209.177.158.246<\/td>SESSION-f32643b41a201d5b \u2192 host:192.168.1.185 \u2192 host:209.177.158.246<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:192.73.244.245:geo_34.05440_-118.24400<\/td>host:192.73.244.245 \u2192 geo_34.05440_-118.24400<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-7dbcb4428a9e5e71:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-7dbcb4428a9e5e71 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-184b3698d564c9c7:host:216.24.57.7<\/td>SESSION-184b3698d564c9c7 \u2192 host:216.24.57.7<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-8394aca80c2a0790:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-8394aca80c2a0790 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-9c845bfb2b534b59:host:192.168.1.185:host:150.171.28.10<\/td>SESSION-9c845bfb2b534b59 \u2192 host:192.168.1.185 \u2192 host:150.171.28.10<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:dd3dd13e1b60:port:udp:3478<\/td>flow:dd3dd13e1b60 \u2192 port:udp:3478<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-ce6603a48a5c4c37:host:23.219.160.5<\/td>SESSION-ce6603a48a5c4c37 \u2192 host:23.219.160.5<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-1f115942b61afe54:host:192.73.244.245<\/td>SESSION-1f115942b61afe54 \u2192 host:192.73.244.245<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:f25397a8d5d5:port:tcp:443<\/td>flow:f25397a8d5d5 \u2192 port:tcp:443<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-21bfec774060aafb:host:192.168.1.185<\/td>SESSION-21bfec774060aafb \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-423d6f8fa2a9f7bc:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-423d6f8fa2a9f7bc \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-ea1d23994577309a:host:104.18.22.222<\/td>SESSION-ea1d23994577309a \u2192 host:104.18.22.222<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-ea1d23994577309a:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-ea1d23994577309a \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-1f115942b61afe54:host:192.168.1.185<\/td>SESSION-1f115942b61afe54 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e53f703ab7b48a77:host:192.168.1.185<\/td>SESSION-e53f703ab7b48a77 \u2192 host:192.168.1.185<\/td><\/tr>
PORT_IMPLIED_SERVICEIMP 70%<\/td>e:ps:port:udp:443:svc:https<\/td>port:udp:443 \u2192 svc:https<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-65a9e51617aa2712:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-65a9e51617aa2712 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-bcd07bc8e00bd126:host:192.168.1.185:host:209.177.158.246<\/td>SESSION-bcd07bc8e00bd126 \u2192 host:192.168.1.185 \u2192 host:209.177.158.246<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-f32643b41a201d5b:host:209.177.158.246<\/td>SESSION-f32643b41a201d5b \u2192 host:209.177.158.246<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-c4d9c40a7fec56be:SESSION-c4d9c40a7fec56be<\/td>SESSION-c4d9c40a7fec56be \u2192 pe:tls:SESSION-c4d9c40a7fec56be<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:dc8e0c394478:dns:wpad.mynetworksettings.com<\/td>flow:dc8e0c394478 \u2192 dns:wpad.mynetworksettings.com<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-9c85e6a530e7f20f:host:192.168.1.185:host:192.200.0.112<\/td>SESSION-9c85e6a530e7f20f \u2192 host:192.168.1.185 \u2192 host:192.200.0.112<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-441bb1af5ec88ffb:host:192.168.1.185<\/td>SESSION-441bb1af5ec88ffb \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-36cd4459caa078a9:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-36cd4459caa078a9 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-b7d90a2138968fa3:host:192.168.1.185<\/td>SESSION-b7d90a2138968fa3 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-1835bee014d5b0b3:host:172.17.0.1<\/td>SESSION-1835bee014d5b0b3 \u2192 host:172.17.0.1<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-17e440ba96a7a7b5:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-17e440ba96a7a7b5 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-f8dc5b0051ee4914:host:192.168.1.1<\/td>SESSION-f8dc5b0051ee4914 \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:0c699e4ab5c4:dns:chatgpt.com<\/td>flow:0c699e4ab5c4 \u2192 dns:chatgpt.com<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-7dbcb4428a9e5e71:host:192.168.1.185:host:209.177.156.94<\/td>SESSION-7dbcb4428a9e5e71 \u2192 host:192.168.1.185 \u2192 host:209.177.156.94<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:0523b90826b8:port:tcp:51645<\/td>flow:0523b90826b8 \u2192 port:tcp:51645<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:151.101.114.172:geo_32.77970_-96.80220<\/td>host:151.101.114.172 \u2192 geo_32.77970_-96.80220<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-05305b96b26cdffd:host:104.18.39.21:host:192.168.1.185<\/td>SESSION-05305b96b26cdffd \u2192 host:104.18.39.21 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-055fd962754012c2:host:104.208.203.89<\/td>SESSION-055fd962754012c2 \u2192 host:104.208.203.89<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-2014bf32e6dab59e:host:192.168.1.185<\/td>SESSION-2014bf32e6dab59e \u2192 host:192.168.1.185<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:151.101.112.217:geo_32.77970_-96.80220<\/td>host:151.101.112.217 \u2192 geo_32.77970_-96.80220<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:135.234.174.40:geo_38.70950_-78.15390<\/td>host:135.234.174.40 \u2192 geo_38.70950_-78.15390<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:e36e1209129d:port:tcp:51049<\/td>flow:e36e1209129d \u2192 port:tcp:51049<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-d146af26ba988e06:SESSION-d146af26ba988e06<\/td>SESSION-d146af26ba988e06 \u2192 pe:tls:SESSION-d146af26ba988e06<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e881aa680da5dbf3:host:151.101.112.217<\/td>SESSION-e881aa680da5dbf3 \u2192 host:151.101.112.217<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e0cdf80170e46e9e:host:192.168.1.185:host:142.250.115.95<\/td>SESSION-e0cdf80170e46e9e \u2192 host:192.168.1.185 \u2192 host:142.250.115.95<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e0cdf80170e46e9e:flow:919c57e90236<\/td>SESSION-e0cdf80170e46e9e \u2192 flow:919c57e90236<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-a019cb392bc23a7a:host:199.165.136.100<\/td>SESSION-a019cb392bc23a7a \u2192 host:199.165.136.100<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:919c57e90236<\/td>flow:919c57e90236 \u2192 host:192.168.1.185 \u2192 host:142.250.115.95 \u2192 port:udp:443 \u2192 svc:https<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-2681df7af5f78270:host:192.168.1.185<\/td>SESSION-2681df7af5f78270 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-ea1d23994577309a:host:104.18.22.222<\/td>SESSION-ea1d23994577309a \u2192 host:104.18.22.222<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-7dbcb4428a9e5e71:flow:a42e7b1c53d5<\/td>SESSION-7dbcb4428a9e5e71 \u2192 flow:a42e7b1c53d5<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-fa034e5132aecf5b:SESSION-fa034e5132aecf5b<\/td>SESSION-fa034e5132aecf5b \u2192 pe:tls:SESSION-fa034e5132aecf5b<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:20940:org:Akamai International B.V.<\/td>asn:20940 \u2192 org:Akamai International B.V.<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-08bfd8721a383a39:host:192.168.1.185<\/td>SESSION-08bfd8721a383a39 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-8fd6ad39adf47a18:host:104.18.36.216<\/td>SESSION-8fd6ad39adf47a18 \u2192 host:104.18.36.216<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-4cf06bd9f9c07bb4:host:97.178.32.239<\/td>SESSION-4cf06bd9f9c07bb4 \u2192 host:97.178.32.239<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:1cae684ccaf1<\/td>flow:1cae684ccaf1 \u2192 host:192.168.1.185 \u2192 host:35.190.80.1 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-21bfec774060aafb:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-21bfec774060aafb \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:e36e1209129d<\/td>flow:e36e1209129d \u2192 host:216.24.57.251 \u2192 host:192.168.1.185 \u2192 port:tcp:51049<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-604f49b2ccac8492:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-604f49b2ccac8492 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-21bfec774060aafb:host:192.168.1.185<\/td>SESSION-21bfec774060aafb \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:9aa8161296f7:port:tcp:443<\/td>flow:9aa8161296f7 \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-1835bee014d5b0b3:host:172.17.0.1<\/td>SESSION-1835bee014d5b0b3 \u2192 host:172.17.0.1<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-787a71cfd2c6f769:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-787a71cfd2c6f769 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-8fd6ad39adf47a18:host:192.168.1.185<\/td>SESSION-8fd6ad39adf47a18 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-05305b96b26cdffd:host:192.168.1.185<\/td>SESSION-05305b96b26cdffd \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-dabcbf693ac9fbef:host:150.171.28.10<\/td>SESSION-dabcbf693ac9fbef \u2192 host:150.171.28.10<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-e565a4fbf5cff09b:SESSION-e565a4fbf5cff09b<\/td>SESSION-e565a4fbf5cff09b \u2192 pe:tls:SESSION-e565a4fbf5cff09b<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:syn:SESSION-cbcc97483386b4f3:SESSION-cbcc97483386b4f3<\/td>SESSION-cbcc97483386b4f3 \u2192 pe:syn:SESSION-cbcc97483386b4f3<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-cbcc97483386b4f3:host:192.168.1.185<\/td>SESSION-cbcc97483386b4f3 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e86e0a049372cc85:flow:d84a13678d67<\/td>SESSION-e86e0a049372cc85 \u2192 flow:d84a13678d67<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-04dc5a38b6cabcef:host:192.168.1.185<\/td>SESSION-04dc5a38b6cabcef \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e66fd8e05921da5d:host:192.168.1.185<\/td>SESSION-e66fd8e05921da5d \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-dabcbf693ac9fbef:flow:ab2fda60ec38<\/td>SESSION-dabcbf693ac9fbef \u2192 flow:ab2fda60ec38<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-1f115942b61afe54:host:192.168.1.185:host:192.73.244.245<\/td>SESSION-1f115942b61afe54 \u2192 host:192.168.1.185 \u2192 host:192.73.244.245<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:481a8cb33c5b<\/td>flow:481a8cb33c5b \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:udp:5351<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:76.76.21.22:asn:16509<\/td>host:76.76.21.22 \u2192 asn:16509<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-fa034e5132aecf5b:host:13.107.226.57<\/td>SESSION-fa034e5132aecf5b \u2192 host:13.107.226.57<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-858ec5d25a7b6232:host:97.178.32.239<\/td>SESSION-858ec5d25a7b6232 \u2192 host:97.178.32.239<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:03d3562fa35f:port:udp:52243<\/td>flow:03d3562fa35f \u2192 port:udp:52243<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:a3f08c1df1f5:port:tcp:443<\/td>flow:a3f08c1df1f5 \u2192 port:tcp:443<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-858ec5d25a7b6232:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-858ec5d25a7b6232 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-7b2b00e0ceb88c09:host:192.168.1.185<\/td>SESSION-7b2b00e0ceb88c09 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-bcd07bc8e00bd126:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-bcd07bc8e00bd126 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:d479ce3b7365:port:tcp:54629<\/td>flow:d479ce3b7365 \u2192 port:tcp:54629<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-4cf06bd9f9c07bb4:host:192.168.1.185<\/td>SESSION-4cf06bd9f9c07bb4 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-c8f5f362e7c0c5c8:host:192.168.1.185<\/td>SESSION-c8f5f362e7c0c5c8 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-0e59fb5fe4c720df:flow:00f4e10d6ac7<\/td>SESSION-0e59fb5fe4c720df \u2192 flow:00f4e10d6ac7<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-5419af02605f5da4:host:97.178.32.239<\/td>SESSION-5419af02605f5da4 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-cbcc97483386b4f3:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-cbcc97483386b4f3 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-9c845bfb2b534b59:SESSION-9c845bfb2b534b59<\/td>SESSION-9c845bfb2b534b59 \u2192 pe:tls:SESSION-9c845bfb2b534b59<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-9dab8edd40d14d9d:flow:f19ee6508782<\/td>SESSION-9dab8edd40d14d9d \u2192 flow:f19ee6508782<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-06fade4febc8462c:host:104.18.23.222<\/td>SESSION-06fade4febc8462c \u2192 host:104.18.23.222<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-5419af02605f5da4:host:192.168.1.185:host:97.178.32.239<\/td>SESSION-5419af02605f5da4 \u2192 host:192.168.1.185 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-716de9787a03c45e:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-716de9787a03c45e \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-741380b5a9a3a6c7:host:172.64.151.22<\/td>SESSION-741380b5a9a3a6c7 \u2192 host:172.64.151.22<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-86bc6b9e53c222b0:host:23.219.160.5<\/td>SESSION-86bc6b9e53c222b0 \u2192 host:23.219.160.5<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-1065a64ded6cc44c:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-1065a64ded6cc44c \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:05b4e5b174c0:port:tcp:54986<\/td>flow:05b4e5b174c0 \u2192 port:tcp:54986<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e53f703ab7b48a77:host:192.168.1.185:host:199.165.136.100<\/td>SESSION-e53f703ab7b48a77 \u2192 host:192.168.1.185 \u2192 host:199.165.136.100<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-2014bf32e6dab59e:host:151.101.113.140<\/td>SESSION-2014bf32e6dab59e \u2192 host:151.101.113.140<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:f3b81336df74<\/td>flow:f3b81336df74 \u2192 host:192.168.1.185 \u2192 host:151.101.112.217 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e25097cf84c7b988:host:97.178.32.239<\/td>SESSION-e25097cf84c7b988 \u2192 host:97.178.32.239<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-200a1edeb5081c1b:host:192.168.1.185<\/td>SESSION-200a1edeb5081c1b \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-0e59fb5fe4c720df:SESSION-0e59fb5fe4c720df<\/td>SESSION-0e59fb5fe4c720df \u2192 pe:tls:SESSION-0e59fb5fe4c720df<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:495f7c8d94fd<\/td>flow:495f7c8d94fd \u2192 host:209.177.156.94 \u2192 host:192.168.1.185 \u2192 port:tcp:43844<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-65a9e51617aa2712:host:192.168.1.185:host:199.165.136.100<\/td>SESSION-65a9e51617aa2712 \u2192 host:192.168.1.185 \u2192 host:199.165.136.100<\/td><\/tr>
ASN_IN_ORGOBS 80%<\/td>e:ao:asn:14618:org:Amazon.com, Inc.<\/td>asn:14618 \u2192 org:Amazon.com, Inc.<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:bab9257727f6:port:udp:443<\/td>flow:bab9257727f6 \u2192 port:udp:443<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:7be9da9aa76d<\/td>flow:7be9da9aa76d \u2192 host:192.168.1.185 \u2192 host:52.182.143.215 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:4eed5ff51111<\/td>flow:4eed5ff51111 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:tcp:46407<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 95%<\/td>e:bsg:SESSION-06fade4febc8462c:BSG-DATA_EXFIL-78b438a917b5<\/td>SESSION-06fade4febc8462c \u2192 BSG-DATA_EXFIL-78b438a917b5<\/td><\/tr>
flow_observed3-aryOBS<\/td>e:fo:flow:7395be855a32<\/td>flow:7395be855a32 \u2192 host:97.178.32.239 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-05305b96b26cdffd:host:104.18.39.21<\/td>SESSION-05305b96b26cdffd \u2192 host:104.18.39.21<\/td><\/tr>
FLOW_TLS_SNIOBS<\/td>e:fs:flow:7be9da9aa76d:tls_sni:browser.events.data.microsoft.com<\/td>flow:7be9da9aa76d \u2192 tls_sni:browser.events.data.microsoft.com<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:0c699e4ab5c4<\/td>flow:0c699e4ab5c4 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-10cf97843d85c279:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-10cf97843d85c279 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-2014bf32e6dab59e:SESSION-2014bf32e6dab59e<\/td>SESSION-2014bf32e6dab59e \u2192 pe:tls:SESSION-2014bf32e6dab59e<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-d7f6ed06cf3ab18b:flow:df281449ac19<\/td>SESSION-d7f6ed06cf3ab18b \u2192 flow:df281449ac19<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-7b2b00e0ceb88c09:flow:4ac806f4d834<\/td>SESSION-7b2b00e0ceb88c09 \u2192 flow:4ac806f4d834<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-08bfd8721a383a39:flow:dc8e0c394478<\/td>SESSION-08bfd8721a383a39 \u2192 flow:dc8e0c394478<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-10cf97843d85c279:host:209.177.156.94<\/td>SESSION-10cf97843d85c279 \u2192 host:209.177.156.94<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-c4d9c40a7fec56be:host:192.168.1.185:host:135.234.174.40<\/td>SESSION-c4d9c40a7fec56be \u2192 host:192.168.1.185 \u2192 host:135.234.174.40<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-348feef1c6ca6285:host:192.168.1.185<\/td>SESSION-348feef1c6ca6285 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-36cd4459caa078a9:host:192.168.1.185:host:135.234.174.40<\/td>SESSION-36cd4459caa078a9 \u2192 host:192.168.1.185 \u2192 host:135.234.174.40<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:21a678dc75de<\/td>flow:21a678dc75de \u2192 host:192.168.1.185 \u2192 host:199.165.136.100 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e881aa680da5dbf3:host:192.168.1.185:host:151.101.112.217<\/td>SESSION-e881aa680da5dbf3 \u2192 host:192.168.1.185 \u2192 host:151.101.112.217<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:00f4e10d6ac7<\/td>flow:00f4e10d6ac7 \u2192 host:209.177.156.94 \u2192 host:192.168.1.185 \u2192 port:tcp:43844<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-c8f5f362e7c0c5c8:host:216.24.57.251:host:192.168.1.185<\/td>SESSION-c8f5f362e7c0c5c8 \u2192 host:216.24.57.251 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-858ec5d25a7b6232:host:192.168.1.185<\/td>SESSION-858ec5d25a7b6232 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:137f07aaadb4:port:udp:41641<\/td>flow:137f07aaadb4 \u2192 port:udp:41641<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-08bfd8721a383a39:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-08bfd8721a383a39 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-99947e3aab494326:host:192.200.0.112<\/td>SESSION-99947e3aab494326 \u2192 host:192.200.0.112<\/td><\/tr>
PORT_IMPLIED_SERVICEIMP 70%<\/td>e:ps:port:udp:53:svc:dns<\/td>port:udp:53 \u2192 svc:dns<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-1ea83345da6e2df0:host:192.168.1.165<\/td>SESSION-1ea83345da6e2df0 \u2192 host:192.168.1.165<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-0e59fb5fe4c720df:host:209.177.156.94:host:192.168.1.185<\/td>SESSION-0e59fb5fe4c720df \u2192 host:209.177.156.94 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:46f60ddc23a2:port:tcp:46407<\/td>flow:46f60ddc23a2 \u2192 port:tcp:46407<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-8394aca80c2a0790:host:52.182.143.215<\/td>SESSION-8394aca80c2a0790 \u2192 host:52.182.143.215<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-716de9787a03c45e:flow:3d20532e84ed<\/td>SESSION-716de9787a03c45e \u2192 flow:3d20532e84ed<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e0cdf80170e46e9e:host:142.250.115.95<\/td>SESSION-e0cdf80170e46e9e \u2192 host:142.250.115.95<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-dabcbf693ac9fbef:host:192.168.1.185:host:150.171.28.10<\/td>SESSION-dabcbf693ac9fbef \u2192 host:192.168.1.185 \u2192 host:150.171.28.10<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-05305b96b26cdffd:host:192.168.1.185<\/td>SESSION-05305b96b26cdffd \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:51a92af49050:port:tcp:443<\/td>flow:51a92af49050 \u2192 port:tcp:443<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e0cdf80170e46e9e:host:142.250.115.95<\/td>SESSION-e0cdf80170e46e9e \u2192 host:142.250.115.95<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-934baa2aae663ceb:host:192.168.1.185<\/td>SESSION-934baa2aae663ceb \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-36cd4459caa078a9:host:192.168.1.185<\/td>SESSION-36cd4459caa078a9 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:104.208.203.89:geo_36.66940_-78.38770<\/td>host:104.208.203.89 \u2192 geo_36.66940_-78.38770<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 95%<\/td>e:bsg:SESSION-cbcc97483386b4f3:BSG-DATA_EXFIL-78b438a917b5<\/td>SESSION-cbcc97483386b4f3 \u2192 BSG-DATA_EXFIL-78b438a917b5<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:c65476284ea0<\/td>flow:c65476284ea0 \u2192 host:162.159.128.61 \u2192 host:192.168.1.185 \u2192 port:tcp:61509<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-b7d90a2138968fa3:host:209.177.156.94<\/td>SESSION-b7d90a2138968fa3 \u2192 host:209.177.156.94<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:151.101.114.172:asn:54113<\/td>host:151.101.114.172 \u2192 asn:54113<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-0e59fb5fe4c720df:host:209.177.156.94<\/td>SESSION-0e59fb5fe4c720df \u2192 host:209.177.156.94<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-65e185b6eab54d6a:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-65e185b6eab54d6a \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-c4d9c40a7fec56be:host:135.234.174.40<\/td>SESSION-c4d9c40a7fec56be \u2192 host:135.234.174.40<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:0380e0cd29dc:port:tcp:52640<\/td>flow:0380e0cd29dc \u2192 port:tcp:52640<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-441bb1af5ec88ffb:host:192.168.1.185<\/td>SESSION-441bb1af5ec88ffb \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-8c7ddbb6fe26a9a9:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-8c7ddbb6fe26a9a9 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:52.182.143.215:geo_41.60150_-93.61270<\/td>host:52.182.143.215 \u2192 geo_41.60150_-93.61270<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:9d482c927ad5:port:tcp:443<\/td>flow:9d482c927ad5 \u2192 port:tcp:443<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 95%<\/td>e:bsg:SESSION-8394aca80c2a0790:BSG-DATA_EXFIL-78b438a917b5<\/td>SESSION-8394aca80c2a0790 \u2192 BSG-DATA_EXFIL-78b438a917b5<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-c8f5f362e7c0c5c8:SESSION-c8f5f362e7c0c5c8<\/td>SESSION-c8f5f362e7c0c5c8 \u2192 pe:tls:SESSION-c8f5f362e7c0c5c8<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-68666b77cce29d40:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-68666b77cce29d40 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-36cd4459caa078a9:SESSION-36cd4459caa078a9<\/td>SESSION-36cd4459caa078a9 \u2192 pe:tls:SESSION-36cd4459caa078a9<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-e0cdf80170e46e9e:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-e0cdf80170e46e9e \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-184b3698d564c9c7:flow:a25fcb74f721<\/td>SESSION-184b3698d564c9c7 \u2192 flow:a25fcb74f721<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-68666b77cce29d40:host:192.168.1.185<\/td>SESSION-68666b77cce29d40 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-716de9787a03c45e:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-716de9787a03c45e \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-1835bee014d5b0b3:host:192.168.1.185:host:172.17.0.1<\/td>SESSION-1835bee014d5b0b3 \u2192 host:192.168.1.185 \u2192 host:172.17.0.1<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-441bb1af5ec88ffb:SESSION-441bb1af5ec88ffb<\/td>SESSION-441bb1af5ec88ffb \u2192 pe:tls:SESSION-441bb1af5ec88ffb<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e25097cf84c7b988:flow:682d5368c69e<\/td>SESSION-e25097cf84c7b988 \u2192 flow:682d5368c69e<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:20.62.59.32:geo_36.66940_-78.38770<\/td>host:20.62.59.32 \u2192 geo_36.66940_-78.38770<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-dabcbf693ac9fbef:SESSION-dabcbf693ac9fbef<\/td>SESSION-dabcbf693ac9fbef \u2192 pe:tls:SESSION-dabcbf693ac9fbef<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-b7338ba843b2dafa:host:192.73.248.83<\/td>SESSION-b7338ba843b2dafa \u2192 host:192.73.248.83<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-86bc6b9e53c222b0:host:192.168.1.185:host:23.219.160.5<\/td>SESSION-86bc6b9e53c222b0 \u2192 host:192.168.1.185 \u2192 host:23.219.160.5<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-8fd6ad39adf47a18:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-8fd6ad39adf47a18 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-ce6603a48a5c4c37:flow:bab9257727f6<\/td>SESSION-ce6603a48a5c4c37 \u2192 flow:bab9257727f6<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:142.250.113.95:asn:15169<\/td>host:142.250.113.95 \u2192 asn:15169<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e6729d0ebc579395:host:192.168.1.185<\/td>SESSION-e6729d0ebc579395 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-7bf53771cd98ec17:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-7bf53771cd98ec17 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-f8dc5b0051ee4914:host:192.168.1.185<\/td>SESSION-f8dc5b0051ee4914 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-055fd962754012c2:host:192.168.1.185<\/td>SESSION-055fd962754012c2 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-68666b77cce29d40:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-68666b77cce29d40 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-348feef1c6ca6285:host:151.101.113.140<\/td>SESSION-348feef1c6ca6285 \u2192 host:151.101.113.140<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-d146af26ba988e06:host:192.168.1.185:host:104.18.32.47<\/td>SESSION-d146af26ba988e06 \u2192 host:192.168.1.185 \u2192 host:104.18.32.47<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:51a92af49050<\/td>flow:51a92af49050 \u2192 host:192.168.1.185 \u2192 host:76.76.21.22 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:1cae684ccaf1:port:tcp:443<\/td>flow:1cae684ccaf1 \u2192 port:tcp:443<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-04dc5a38b6cabcef:host:192.168.1.185<\/td>SESSION-04dc5a38b6cabcef \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-f32643b41a201d5b:host:192.168.1.185<\/td>SESSION-f32643b41a201d5b \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-2681df7af5f78270:host:97.178.32.239:host:192.168.1.185<\/td>SESSION-2681df7af5f78270 \u2192 host:97.178.32.239 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-06fade4febc8462c:host:104.18.23.222<\/td>SESSION-06fade4febc8462c \u2192 host:104.18.23.222<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:027ad06c15d5:port:tcp:55880<\/td>flow:027ad06c15d5 \u2192 port:tcp:55880<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-e881aa680da5dbf3:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-e881aa680da5dbf3 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-bc4350b5c6d66f3f:host:34.111.31.13<\/td>SESSION-bc4350b5c6d66f3f \u2192 host:34.111.31.13<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-81e5b5be161de125:host:151.101.114.172<\/td>SESSION-81e5b5be161de125 \u2192 host:151.101.114.172<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:syn:SESSION-81e5b5be161de125:SESSION-81e5b5be161de125<\/td>SESSION-81e5b5be161de125 \u2192 pe:syn:SESSION-81e5b5be161de125<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e6ad21d692182871:host:199.165.136.100<\/td>SESSION-e6ad21d692182871 \u2192 host:199.165.136.100<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-99947e3aab494326:flow:0523b90826b8<\/td>SESSION-99947e3aab494326 \u2192 flow:0523b90826b8<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-b7338ba843b2dafa:host:192.168.1.185<\/td>SESSION-b7338ba843b2dafa \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e86e0a049372cc85:host:192.168.1.185<\/td>SESSION-e86e0a049372cc85 \u2192 host:192.168.1.185<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:23.213.232.172:asn:20940<\/td>host:23.213.232.172 \u2192 asn:20940<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:142.250.115.95:asn:15169<\/td>host:142.250.115.95 \u2192 asn:15169<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:167.235.217.196:asn:24940<\/td>host:167.235.217.196 \u2192 asn:24940<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:a42e7b1c53d5:port:udp:3478<\/td>flow:a42e7b1c53d5 \u2192 port:udp:3478<\/td><\/tr>
FLOW_QUERIED_DNSOBS<\/td>e:fd:flow:660ca437efa1:dns:copilot.microsoft.com<\/td>flow:660ca437efa1 \u2192 dns:copilot.microsoft.com<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-f32643b41a201d5b:flow:dd3dd13e1b60<\/td>SESSION-f32643b41a201d5b \u2192 flow:dd3dd13e1b60<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-e66fd8e05921da5d:flow:26faad66f81e<\/td>SESSION-e66fd8e05921da5d \u2192 flow:26faad66f81e<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:300bb0be41cf:port:tcp:443<\/td>flow:300bb0be41cf \u2192 port:tcp:443<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-9c845bfb2b534b59:host:192.168.1.185<\/td>SESSION-9c845bfb2b534b59 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-d7f6ed06cf3ab18b:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-d7f6ed06cf3ab18b \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-d146af26ba988e06:flow:f25397a8d5d5<\/td>SESSION-d146af26ba988e06 \u2192 flow:f25397a8d5d5<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:481a8cb33c5b:port:udp:5351<\/td>flow:481a8cb33c5b \u2192 port:udp:5351<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:7be9da9aa76d:port:tcp:443<\/td>flow:7be9da9aa76d \u2192 port:tcp:443<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:52.182.143.215:asn:8075<\/td>host:52.182.143.215 \u2192 asn:8075<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-65a9e51617aa2712:SESSION-65a9e51617aa2712<\/td>SESSION-65a9e51617aa2712 \u2192 pe:tls:SESSION-65a9e51617aa2712<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-e6729d0ebc579395:host:97.178.32.239<\/td>SESSION-e6729d0ebc579395 \u2192 host:97.178.32.239<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-7dbcb4428a9e5e71:host:209.177.156.94<\/td>SESSION-7dbcb4428a9e5e71 \u2192 host:209.177.156.94<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-0e59fb5fe4c720df:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-0e59fb5fe4c720df \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:779733f74ceb<\/td>flow:779733f74ceb \u2192 host:192.168.1.185 \u2192 host:104.208.203.89 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-fa034e5132aecf5b:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-fa034e5132aecf5b \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-04dc5a38b6cabcef:host:167.235.217.196<\/td>SESSION-04dc5a38b6cabcef \u2192 host:167.235.217.196<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-423d6f8fa2a9f7bc:host:23.213.232.172<\/td>SESSION-423d6f8fa2a9f7bc \u2192 host:23.213.232.172<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-9b68d4601d0ccd30:flow:f5abaef54664<\/td>SESSION-9b68d4601d0ccd30 \u2192 flow:f5abaef54664<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-7bf53771cd98ec17:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-7bf53771cd98ec17 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-1835bee014d5b0b3:host:192.168.1.185<\/td>SESSION-1835bee014d5b0b3 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:1fbee9feb06d:port:tcp:51146<\/td>flow:1fbee9feb06d \u2192 port:tcp:51146<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:151.101.113.140:asn:54113<\/td>host:151.101.113.140 \u2192 asn:54113<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-934baa2aae663ceb:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-934baa2aae663ceb \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-5673cdc8e15ecc28:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-5673cdc8e15ecc28 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-65a9e51617aa2712:flow:21a678dc75de<\/td>SESSION-65a9e51617aa2712 \u2192 flow:21a678dc75de<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-e66fd8e05921da5d:host:192.168.1.185:host:172.18.0.1<\/td>SESSION-e66fd8e05921da5d \u2192 host:192.168.1.185 \u2192 host:172.18.0.1<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-9c85e6a530e7f20f:SESSION-9c85e6a530e7f20f<\/td>SESSION-9c85e6a530e7f20f \u2192 pe:tls:SESSION-9c85e6a530e7f20f<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-441bb1af5ec88ffb:flow:51a92af49050<\/td>SESSION-441bb1af5ec88ffb \u2192 flow:51a92af49050<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-d146af26ba988e06:host:104.18.32.47<\/td>SESSION-d146af26ba988e06 \u2192 host:104.18.32.47<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:dns:SESSION-58f9cafe500f64ad:SESSION-58f9cafe500f64ad<\/td>SESSION-58f9cafe500f64ad \u2192 pe:dns:SESSION-58f9cafe500f64ad<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:fdf049da8b14<\/td>flow:fdf049da8b14 \u2192 host:192.168.1.185 \u2192 host:209.177.156.94 \u2192 port:udp:3478<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-06fade4febc8462c:host:192.168.1.185<\/td>SESSION-06fade4febc8462c \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-d7f6ed06cf3ab18b:host:192.168.1.185<\/td>SESSION-d7f6ed06cf3ab18b \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-65a9e51617aa2712:host:199.165.136.100<\/td>SESSION-65a9e51617aa2712 \u2192 host:199.165.136.100<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-bc4350b5c6d66f3f:host:192.168.1.185:host:34.111.31.13<\/td>SESSION-bc4350b5c6d66f3f \u2192 host:192.168.1.185 \u2192 host:34.111.31.13<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-e25097cf84c7b988:host:192.168.1.185<\/td>SESSION-e25097cf84c7b988 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-58f9cafe500f64ad:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-58f9cafe500f64ad \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-9c85e6a530e7f20f:host:192.200.0.112<\/td>SESSION-9c85e6a530e7f20f \u2192 host:192.200.0.112<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-04dc5a38b6cabcef:host:167.235.217.196<\/td>SESSION-04dc5a38b6cabcef \u2192 host:167.235.217.196<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-58f9cafe500f64ad:host:192.168.1.185<\/td>SESSION-58f9cafe500f64ad \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-1f115942b61afe54:host:192.73.244.245<\/td>SESSION-1f115942b61afe54 \u2192 host:192.73.244.245<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-fa034e5132aecf5b:host:13.107.226.57<\/td>SESSION-fa034e5132aecf5b \u2192 host:13.107.226.57<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-ce6603a48a5c4c37:host:23.219.160.5<\/td>SESSION-ce6603a48a5c4c37 \u2192 host:23.219.160.5<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:192.73.243.135:asn:36236<\/td>host:192.73.243.135 \u2192 asn:36236<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 95%<\/td>e:bsg:SESSION-b7338ba843b2dafa:BSG-DATA_EXFIL-78b438a917b5<\/td>SESSION-b7338ba843b2dafa \u2192 BSG-DATA_EXFIL-78b438a917b5<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-604f49b2ccac8492:host:192.168.1.185<\/td>SESSION-604f49b2ccac8492 \u2192 host:192.168.1.185<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-1f115942b61afe54:host:192.168.1.185<\/td>SESSION-1f115942b61afe54 \u2192 host:192.168.1.185<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-8fd6ad39adf47a18:flow:027ad06c15d5<\/td>SESSION-8fd6ad39adf47a18 \u2192 flow:027ad06c15d5<\/td><\/tr>
HOST_GEO_ESTIMATEOBS 60%<\/td>e:hg:host:209.177.158.246:geo_41.88350_-87.63050<\/td>host:209.177.158.246 \u2192 geo_41.88350_-87.63050<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-2681df7af5f78270:host:97.178.32.239<\/td>SESSION-2681df7af5f78270 \u2192 host:97.178.32.239<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-e86e0a049372cc85:host:142.250.113.95<\/td>SESSION-e86e0a049372cc85 \u2192 host:142.250.113.95<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-741380b5a9a3a6c7:flow:ef26bc2c964d<\/td>SESSION-741380b5a9a3a6c7 \u2192 flow:ef26bc2c964d<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-d7f6ed06cf3ab18b:host:97.178.32.239<\/td>SESSION-d7f6ed06cf3ab18b \u2192 host:97.178.32.239<\/td><\/tr>
FLOW_DST_PORTOBS<\/td>e:fp:flow:682d5368c69e:port:udp:1050<\/td>flow:682d5368c69e \u2192 port:udp:1050<\/td><\/tr>
FLOW_FROM_HOSTOBS<\/td>e:from:SESSION-d7f6ed06cf3ab18b:host:97.178.32.239<\/td>SESSION-d7f6ed06cf3ab18b \u2192 host:97.178.32.239<\/td><\/tr>
flow_observed4-aryOBS<\/td>e:fo:flow:f19ee6508782<\/td>flow:f19ee6508782 \u2192 host:104.18.39.21 \u2192 host:192.168.1.185 \u2192 port:tcp:58457<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%<\/td>e:bsg:SESSION-348feef1c6ca6285:BSG-BEACON-3fa1dca5627c<\/td>SESSION-348feef1c6ca6285 \u2192 BSG-BEACON-3fa1dca5627c<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:6fe67514daf4<\/td>flow:6fe67514daf4 \u2192 host:192.168.1.185 \u2192 host:192.73.248.83 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-1ea83345da6e2df0:flow:d658b18ff560<\/td>SESSION-1ea83345da6e2df0 \u2192 flow:d658b18ff560<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:007f4ea11c64<\/td>flow:007f4ea11c64 \u2192 host:192.168.1.185 \u2192 host:135.234.174.40 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-de97a19f0937505c:flow:1fbee9feb06d<\/td>SESSION-de97a19f0937505c \u2192 flow:1fbee9feb06d<\/td><\/tr>
SESSION_CONTAINS_EVENTOBS<\/td>e:pe:pe:tls:SESSION-ea1d23994577309a:SESSION-ea1d23994577309a<\/td>SESSION-ea1d23994577309a \u2192 pe:tls:SESSION-ea1d23994577309a<\/td><\/tr>
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 80%<\/td>e:bsg:SESSION-e86e0a049372cc85:BSG-HORIZ_SCAN-cd2c52661c4b<\/td>SESSION-e86e0a049372cc85 \u2192 BSG-HORIZ_SCAN-cd2c52661c4b<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-22420a928847cfad:flow:481a8cb33c5b<\/td>SESSION-22420a928847cfad \u2192 flow:481a8cb33c5b<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-cbcc97483386b4f3:host:104.18.32.47<\/td>SESSION-cbcc97483386b4f3 \u2192 host:104.18.32.47<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-055fd962754012c2:host:104.208.203.89<\/td>SESSION-055fd962754012c2 \u2192 host:104.208.203.89<\/td><\/tr>
SESSION_DERIVED_FROM_PCAPOBS<\/td>e:derived:SESSION-b7d90a2138968fa3:PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td>SESSION-b7d90a2138968fa3 \u2192 PCAP:cap_05182026_430pmCST:aee251eecdd8<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-329be171c0b80b92:host:172.29.16.1<\/td>SESSION-329be171c0b80b92 \u2192 host:172.29.16.1<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:f25397a8d5d5<\/td>flow:f25397a8d5d5 \u2192 host:192.168.1.185 \u2192 host:104.18.32.47 \u2192 port:tcp:443 \u2192 svc:https<\/td><\/tr>
FLOW_TO_HOSTOBS<\/td>e:to:SESSION-65e185b6eab54d6a:host:192.168.1.1<\/td>SESSION-65e185b6eab54d6a \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-741380b5a9a3a6c7:host:172.64.151.22<\/td>SESSION-741380b5a9a3a6c7 \u2192 host:172.64.151.22<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-c4d9c40a7fec56be:flow:007f4ea11c64<\/td>SESSION-c4d9c40a7fec56be \u2192 flow:007f4ea11c64<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-1ea83345da6e2df0:host:224.0.0.22<\/td>SESSION-1ea83345da6e2df0 \u2192 host:224.0.0.22<\/td><\/tr>
SESSION_OBSERVED_FLOWOBS<\/td>e:sof:SESSION-68666b77cce29d40:flow:0c699e4ab5c4<\/td>SESSION-68666b77cce29d40 \u2192 flow:0c699e4ab5c4<\/td><\/tr>
flow_observed5-aryOBS<\/td>e:fo:flow:dc8e0c394478<\/td>flow:dc8e0c394478 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1 \u2192 port:udp:53 \u2192 svc:dns<\/td><\/tr>
SESSION_BETWEEN_HOSTS3-aryOBS<\/td>e:sbh:SESSION-08bfd8721a383a39:host:192.168.1.185:host:192.168.1.1<\/td>SESSION-08bfd8721a383a39 \u2192 host:192.168.1.185 \u2192 host:192.168.1.1<\/td><\/tr>
HOST_IN_ASNOBS 85%<\/td>e:ha:host:34.111.31.13:asn:396982<\/td>host:34.111.31.13 \u2192 asn:396982<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-21bfec774060aafb:host:192.168.1.1<\/td>SESSION-21bfec774060aafb \u2192 host:192.168.1.1<\/td><\/tr>
SESSION_OBSERVED_HOSTOBS<\/td>e:soh:SESSION-83d0b20751c23f69:host:192.168.1.185<\/td>SESSION-83d0b20751c23f69 \u2192 host:192.168.1.185<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
1 PCAPs \u2022 79 sessions \u2022 45 hosts \u2022 29 \ud83c\udf0d geolocated \u25b6 \ud83d\udcc4 cap_05182026_430pmCST.pcapng 354.9 KB \u2022 79 sessions \u2022 UDP:30 TCP:45 ICMP:3 OTHER:1 Kind ID Labels Position asn asn:54113 asn=54,113, org=Fastly, Inc. asn asn:24940 asn=24,940, org=Hetzner Online GmbH asn asn:397273 asn=397,273, org=Render asn asn:20940 asn=20,940, org=Akamai International B.V. asn asn:16509 asn=16,509, org=Amazon.com, Inc. asn asn:8075 asn=8,075, org=Microsoft Corporation asn asn:36236 asn=36,236,… <\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"class_list":["post-6057","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages\/6057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6057"}],"version-history":[{"count":2,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages\/6057\/revisions"}],"predecessor-version":[{"id":6060,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages\/6057\/revisions\/6060"}],"wp:attachment":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}